Log analysis and evaluation: Sudden shutdown / Other users still logged on / USB has more performance
16.06.2015, 12:30 | #1 |
I suspect that a trojan / virus has crept onto my children's "WinXP" system. When shutting down the system, the message that another user is still logged on often appears. The system has also shut down by itself several times. Often a message pops up at the bottom right saying that the USB hubs could achieve better performance, without anything new having been plugged in or removed. There are also some new folders on the system that I cannot place. Since our children get along better with WinXP, we want to keep it. I scanned the system with FRST and GMER as you described. Here is the FRST logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-06-2015 Ran by Administrator (administrator) on ASPIRE on 15-06-2015 20:52:28 Running from C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads Loaded Profiles: Administrator (Available Profiles: Administrator & Gast) Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 6 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Avira Operations GmbH & Co. KG) C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Programme\Avira\AntiVir Desktop\avguard.exe () C:\WINDOWS\system32\PnkBstrA.exe (Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE (Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe (Avira Operations GmbH & Co. KG) C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Intel Corporation) C:\WINDOWS\system32\hkcmd.exe (Intel Corporation) C:\WINDOWS\system32\igfxpers.exe (Microsoft Corporation) C:\Programme\Microsoft Xbox 360 Accessories\XBoxStat.exe (Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe (Realtek Semiconductor Corp.) C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\RtkBtMnt.exe (Avira Operations GmbH & Co. 
KG) C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Disc Soft Ltd) C:\Programme\DAEMON Tools Lite\DiscSoftBusService.exe (Mozilla Corporation) C:\Dokumente und Einstellungen\Administrator\Desktop\Tor Browser\Browser\firefox.exe () C:\Dokumente und Einstellungen\Administrator\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exe (Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe () C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads\Gmer-19357.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [18789920 2009-12-22] (Realtek Semiconductor Corp.) HKLM\...\Run: [BluetoothAuthenticationAgent] => rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent HKLM\...\Run: [avgnt] => C:\Programme\Avira\AntiVir Desktop\avgnt.exe [730416 2015-06-09] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k HKLM\...\Run: [XboxStat] => c:\Programme\Microsoft Xbox 360 Accessories\XboxStat.exe [718688 2009-09-30] (Microsoft Corporation) HKU\S-1-5-21-1454471165-261478967-725345543-500\...\Run: [DAEMON Tools Lite Automount] => C:\Programme\DAEMON Tools Lite\DTAgent.exe [3579120 2015-05-21] (Disc Soft Ltd) HKU\S-1-5-21-1454471165-261478967-725345543-500\...\Run: [Akamai NetSession Interface] => "C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Akamai\netsession_win.exe" HKU\S-1-5-21-1454471165-261478967-725345543-500\...\MountPoints2: {62e97342-a94d-11e4-99a9-806d6172696f} - D:\autorun.exe HKU\S-1-5-21-1454471165-261478967-725345543-500\...\MountPoints2: {aae1e93f-0a2d-11e5-9a17-0022690d76d0} - D:\autorun.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm HKU\S-1-5-21-1454471165-261478967-725345543-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome HKU\S-1-5-21-1454471165-261478967-725345543-500\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch URLSearchHook: HKU\S-1-5-21-1454471165-261478967-725345543-500 - Microsoft Url Sucheingriff - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation) HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= ATTENTION SearchScopes: HKLM -> DefaultScope value is missing SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll [2008-04-14] (Microsoft Corporation) Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll [2008-04-14] (Microsoft Corporation) Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll 
[2008-04-14] (Microsoft Corporation) Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll [2008-04-14] (Microsoft Corporation) Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll [2008-04-14] (Microsoft Corporation) Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll [2008-04-14] (Microsoft Corporation) Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll [2008-04-14] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\kk6aupd0.default FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-04-01] () FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Programme\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN) FF SearchPlugin: C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\kk6aupd0.default\searchplugins\startpage-ssl-1.xml [2015-03-24] FF SearchPlugin: C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\kk6aupd0.default\searchplugins\startpage-ssl.xml [2015-03-24] FF Extension: anonymoX - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\kk6aupd0.default\Extensions\client@anonymox.net.xpi [2015-03-24] FF Extension: Ghostery - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\kk6aupd0.default\Extensions\firefox@ghostery.com.xpi [2015-06-02] FF Extension: NO Google Analytics - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\kk6aupd0.default\Extensions\jid1-JcGokIiQyjoBAQ@jetpack.xpi [2015-04-02] FF Extension: Adblock Plus - C:\Dokumente und 
Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\kk6aupd0.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-03-24] FF Extension: BetterPrivacy - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\kk6aupd0.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2015-04-02] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S2 AntiVirMailService; C:\Programme\Avira\AntiVir Desktop\avmailc.exe [825136 2015-06-09] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Programme\Avira\AntiVir Desktop\sched.exe [450808 2015-06-09] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Programme\Avira\AntiVir Desktop\avguard.exe [450808 2015-06-09] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE [1187336 2015-06-09] (Avira Operations GmbH & Co. KG) R3 Disc Soft Lite Bus Service; C:\Programme\DAEMON Tools Lite\DiscSoftBusService.exe [1026288 2015-05-21] (Disc Soft Ltd) R2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [75136 2015-06-12] () S3 UMWdf; C:\WINDOWS\system32\wdfmgr.exe [38912 2004-11-11] (Microsoft Corporation) [File not signed] S3 WmdmPmSN; C:\WINDOWS\system32\mspmsnsv.dll [25600 2004-11-11] (Microsoft Corporation) [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative) S3 AR5416; C:\WINDOWS\System32\DRIVERS\athw.sys [1312576 2008-05-20] (Atheros Communications, Inc.) R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [108448 2015-06-09] (Avira Operations GmbH & Co. 
KG) R1 avipbb; C:\WINDOWS\System32\DRIVERS\avipbb.sys [136728 2015-06-09] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\WINDOWS\System32\DRIVERS\avkmgr.sys [37896 2015-05-05] (Avira Operations GmbH & Co. KG) S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation) R3 dtlitescsibus; C:\WINDOWS\System32\DRIVERS\dtlitescsibus.sys [25016 2015-05-31] (Disc Soft Ltd) S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.) S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation) R1 ssmdrv; C:\WINDOWS\System32\DRIVERS\ssmdrv.sys [31848 2015-06-09] (Avira Operations GmbH & Co. KG) U3 DfSdkS; No ImagePath S4 IntelIde; No ImagePath U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation) U1 WS2IFSL; No ImagePath U3 kwtdrpod; \??\C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\kwtdrpod.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-06-15 20:51 - 2015-06-15 20:52 - 00000000 ____D C:\FRST 2015-06-15 10:08 - 2015-06-15 20:47 - 00001427 _____ C:\WINDOWS\setupapi.log 2015-06-12 19:33 - 2015-06-12 19:33 - 00268952 _____ C:\WINDOWS\system32\PnkBstrB.xtr 2015-06-12 19:33 - 2015-06-12 19:33 - 00268952 _____ C:\WINDOWS\system32\PnkBstrB.exe 2015-06-12 19:33 - 2015-06-12 19:33 - 00137176 _____ C:\WINDOWS\system32\Drivers\PnkBstrK.sys 2015-06-12 19:33 - 2015-06-12 19:33 - 00075136 _____ C:\WINDOWS\system32\PnkBstrA.exe 2015-06-12 19:33 - 2015-06-12 19:33 - 00000000 ____D C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\PunkBuster 2015-06-10 23:17 - 2015-06-10 23:17 - 00000000 ____D C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Electronic_Arts_Inc 2015-06-10 19:26 - 2015-06-12 19:33 - 00000000 ____D C:\WINDOWS\system32\Logfiles 2015-06-10 19:10 - 2015-06-10 19:10 - 00000000 ____D C:\WINDOWS\pss 2015-06-09 11:00 - 2015-06-09 11:00 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Avira 2015-06-07 19:28 - 1998-07-30 12:51 - 00305152 _____ (InstallShield Software Corporation) C:\WINDOWS\IsUninst.exe 2015-06-04 21:19 - 2015-06-04 21:19 - 00000000 __HDC C:\WINDOWS\$NtUninstallWdf01007$ 2015-06-04 21:19 - 2015-06-04 21:19 - 00000000 ____H C:\WINDOWS\system32\Drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf 2015-06-04 21:19 - 2015-06-04 21:19 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_xusb21_01007.Wdf 2015-06-04 21:19 - 2009-09-09 18:24 - 00062424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xusb21.sys 2015-06-04 21:19 - 2009-08-13 22:40 - 01112288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01007.dll 2015-06-04 21:19 - 2008-03-21 13:57 - 00014640 ____N (Microsoft Corporation) C:\WINDOWS\system32\spmsgXP_2k3.dll 2015-06-04 21:18 - 2015-06-04 21:19 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Xbox 360 Accessories 
2015-06-04 21:18 - 2015-06-04 21:18 - 00000000 ____D C:\Programme\Microsoft Xbox 360 Accessories 2015-06-04 20:17 - 2015-06-04 20:17 - 00000000 ___HD C:\WINDOWS\PIF 2015-06-04 19:56 - 2015-06-04 20:17 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Westwood 2015-06-04 19:55 - 2015-06-04 19:55 - 00000000 ____D C:\WESTWOOD 2015-06-04 19:30 - 2015-06-05 13:32 - 00000000 ____D C:\WINDOWS\Minidump 2015-06-03 11:53 - 2015-06-03 11:57 - 00000000 ____D C:\Programme\Mozilla Firefox 2015-05-31 22:14 - 2008-02-15 12:49 - 00192512 _____ (Intel Corporation) C:\WINDOWS\system32\igfxres.dll 2015-05-31 20:57 - 2015-06-15 19:31 - 00362288 _____ C:\WINDOWS\WindowsUpdate.log 2015-05-31 19:16 - 2015-05-31 19:16 - 00025016 _____ (Disc Soft Ltd) C:\WINDOWS\system32\Drivers\dtlitescsibus.sys 2015-05-31 19:16 - 2015-05-31 19:16 - 00001607 _____ C:\Dokumente und Einstellungen\All Users\Desktop\DAEMON Tools Lite.lnk 2015-05-30 20:21 - 2015-05-31 19:35 - 00119648 _____ C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-1454471165-261478967-725345543-500-0.dat 2015-05-30 20:21 - 2015-05-31 19:35 - 00083246 _____ C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat 2015-05-30 20:02 - 2015-05-31 19:17 - 00000000 ____D C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DAEMON Tools Lite 2015-05-30 20:02 - 2015-05-31 19:16 - 00000000 ____D C:\Programme\DAEMON Tools Lite 2015-05-30 20:01 - 2015-05-30 20:01 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite 2015-05-30 19:47 - 2015-05-30 19:47 - 00000000 ____D C:\Programme\Microsoft.NET 2015-05-17 11:28 - 2012-01-29 20:51 - 00434176 _____ (Tiger-IT.de) C:\Dokumente und Einstellungen\Administrator\Desktop\xp-AntiSpy.exe ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-06-15 20:52 - 2015-01-31 15:47 - 00000000 ____D C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp 2015-06-15 19:35 - 2015-01-31 15:32 - 01268206 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2015-06-15 19:30 - 2015-05-04 19:08 - 00000238 _____ C:\WINDOWS\Tasks\Ende des Supports für Microsoft Windows XP – Benachrichtigung – Anmeldung.job 2015-06-15 19:30 - 2015-01-31 15:47 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2015-06-15 19:30 - 2015-01-31 15:35 - 00000159 _____ C:\WINDOWS\wiadebug.log 2015-06-15 19:30 - 2015-01-31 15:35 - 00000050 _____ C:\WINDOWS\wiaservc.log 2015-06-15 12:42 - 2015-01-31 15:47 - 00032500 _____ C:\WINDOWS\SchedLgU.Txt 2015-06-15 12:42 - 2015-01-31 15:47 - 00000190 ___SH C:\Dokumente und Einstellungen\Administrator\ntuser.ini 2015-06-15 12:42 - 2015-01-31 15:47 - 00000000 ____D C:\Dokumente und Einstellungen\Administrator 2015-06-15 12:12 - 2015-01-31 15:38 - 00000000 ____D C:\WINDOWS\Registration 2015-06-14 15:46 - 2004-11-11 14:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl 2015-06-10 23:52 - 2015-05-05 10:55 - 00000000 ____D C:\Spiele 2015-06-10 23:27 - 2015-01-31 15:31 - 00000000 ___RD C:\Dokumente und Einstellungen\All Users\Startmenü\Programme 2015-06-10 19:33 - 2015-01-31 16:25 - 00000000 ____D C:\WINDOWS\security 2015-06-10 19:27 - 2015-01-31 16:25 - 00000000 ____D C:\WINDOWS\system32\inetsrv 2015-06-10 19:27 - 2015-01-31 16:25 - 00000000 ____D C:\WINDOWS\Help 2015-06-10 19:27 - 2015-01-31 16:25 - 00000000 ____D C:\WINDOWS\Cursors 2015-06-10 19:27 - 2015-01-31 15:37 - 00000000 ____D C:\Programme\Windows NT 2015-06-10 19:26 - 2015-01-31 15:39 - 00000000 ___RD C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Spiele 2015-06-10 19:26 - 2015-01-31 15:37 - 00000000 ___RD C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Zubehör 2015-06-10 13:52 - 2015-02-16 14:18 - 00000000 ____D C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\vlc 2015-06-10 13:04 - 2015-05-04 18:44 - 00000000 
____D C:\WINDOWS\system32\MRT 2015-06-10 12:55 - 2015-05-04 18:44 - 136900096 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-06-09 10:56 - 2015-05-04 17:15 - 00136728 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys 2015-06-09 10:56 - 2015-05-04 17:15 - 00108448 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys 2015-06-09 10:56 - 2015-05-04 17:15 - 00031848 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\ssmdrv.sys 2015-06-08 15:00 - 2015-05-04 19:08 - 00000232 _____ C:\WINDOWS\Tasks\Ende des Supports für Microsoft Windows XP – Monatliche Benachrichtigung.job 2015-06-04 21:18 - 2015-01-31 15:40 - 00000000 ____D C:\WINDOWS\system32\DirectX 2015-06-04 21:18 - 2015-01-31 15:32 - 00000000 ___RD C:\Programme 2015-06-04 20:17 - 2004-11-11 14:00 - 00000563 _____ C:\WINDOWS\WIN.INI 2015-06-01 14:14 - 2015-04-04 23:29 - 00000000 ____D C:\WINDOWS\Microsoft.NET 2015-05-31 21:19 - 2015-02-09 15:59 - 00000000 ____D C:\WINDOWS\system32\ReinstallBackups 2015-05-31 20:46 - 2015-05-03 21:06 - 00000000 ____D C:\Dokumente und Einstellungen\Administrator\Desktop\Bilder 2015-05-31 19:05 - 2015-01-31 15:31 - 00000000 ___RD C:\Dokumente und Einstellungen\All Users\Dokumente 2015-05-31 18:50 - 2015-01-31 15:46 - 00000000 __SHD C:\Dokumente und Einstellungen\NetworkService 2015-05-31 18:50 - 2015-01-31 15:46 - 00000000 __SHD C:\Dokumente und Einstellungen\LocalService 2015-05-31 18:49 - 2015-01-31 16:25 - 00000000 ____D C:\WINDOWS\system 2015-05-31 13:49 - 2015-01-31 15:31 - 00000000 ___RD C:\Dokumente und Einstellungen\All Users\Startmenü 2015-05-31 12:11 - 2015-02-17 14:45 - 00000000 ____D C:\Dokumente und Einstellungen\Administrator\Desktop\Musik 2015-05-31 11:32 - 2015-01-31 15:39 - 00000000 ____D C:\WINDOWS\system32\Restore 2015-05-30 19:54 - 2015-02-09 16:31 - 00000000 ____D C:\WINDOWS\system32\de-de 2015-05-25 16:49 - 2015-05-05 23:22 - 00000000 ____D C:\Programme\Bridge Building Game 
2015-05-23 01:08 - 2015-04-22 16:13 - 00000000 ____D C:\Dokumente und Einstellungen\Administrator\Desktop\Tor Browser 2015-05-18 22:16 - 2015-04-09 09:21 - 00000000 ____D C:\WINDOWS\system32\NtmsData 2015-05-17 11:32 - 2015-01-31 15:38 - 00000000 ____D C:\Programme\Messenger 2015-05-16 21:00 - 2015-01-31 15:47 - 00000783 _____ C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Internet Explorer.lnk 2015-05-16 20:56 - 2015-05-04 19:03 - 00000000 ____D C:\WINDOWS\ie8updates 2015-05-16 20:54 - 2015-01-31 16:25 - 00000000 ____D C:\WINDOWS\Media ==================== Files in the root of some directories ======= 2015-02-16 14:22 - 2015-02-23 10:19 - 0015872 _____ () C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-04-22 15:44 - 2015-04-22 15:44 - 0002876 _____ () C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\recently-used.xbel Some files in TEMP: ==================== C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\avgnt.exe C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\RtkBtMnt.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed ==================== End of log ============================
And here is the Addition logfile: FRST Additions Logfile: Additional FRST Logfile: Code:
ATTFilter scan result of Farbar Recovery Scan Tool (x86) Version: 13-06-2015 Ran by Administrator at 2015-06-15 20:53:41 Running from C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-1454471165-261478967-725345543-500 - Administrator - Enabled) => %SystemDrive%\Dokumente und Einstellungen\Administrator Gast (S-1-5-21-1454471165-261478967-725345543-501 - Limited - Disabled) => %SystemDrive%\Dokumente und Einstellungen\Gast Hilfeassistent (S-1-5-21-1454471165-261478967-725345543-1000 - Limited - Disabled) SUPPORT_388945a0 (S-1-5-21-1454471165-261478967-725345543-1002 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Antivirus (Disabled - Up to date) {AD166499-45F9-482A-A743-FDD3350758C7} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe AIR (HKLM\...\Adobe AIR) (Version: 17.0.0.124 - Adobe Systems Incorporated) Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated) Ashampoo WinOptimizer 2015 v.11.00.50 (HKLM\...\{4209F371-3276-A8F7-B851-845A83732AB4}_is1) (Version: 11.00.50 - Ashampoo GmbH & Co. KG) Atheros for Acer Driver v7.6.0.224_Foxconn Installation Program (HKLM\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 7.6.0.224 - Atheros) Avira Antivirus (HKLM\...\Avira Antivirus) (Version: 15.0.11.574 - Avira Operations GmbH & Co. 
KG) Bridge Building Game (HKLM\...\Bridge Building Game) (Version: - ) DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.0.0.0054 - Disc Soft Ltd) D-Fend Reloaded 1.4.1 (deinstallieren) (HKLM\...\D-Fend Reloaded) (Version: 1.4.1 - Alexander Herzog) Hotfix für Windows XP (KB952287) (HKLM\...\KB952287) (Version: 1 - Microsoft Corporation) Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - ) Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{AC4C38FD-A54C-4CA5-92EE-D983CD81293E}) (Version: 1.20.146.0 - Microsoft) Mozilla Firefox 38.0.5 (x86 de) (HKLM\...\Mozilla Firefox 38.0.5 (x86 de)) (Version: 38.0.5 - Mozilla) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: - Realtek Semiconductor Corp.) 
Sicherheitsupdate für Microsoft Windows (KB2564958) (HKLM\...\KB2564958) (Version: - Microsoft Corporation) Sicherheitsupdate für Windows Media Player (KB2378111) (HKLM\...\KB2378111_WM9) (Version: - Microsoft Corporation) Sicherheitsupdate für Windows Media Player (KB2834902-v2) (HKLM\...\KB2834902-v2_WM10) (Version: - Microsoft Corporation) Sicherheitsupdate für Windows Media Player (KB952069) (HKLM\...\KB952069_WM9) (Version: - Microsoft Corporation) Sicherheitsupdate für Windows Media Player (KB954155) (HKLM\...\KB954155_WM9) (Version: - Microsoft Corporation) Sicherheitsupdate für Windows Media Player (KB973540) (HKLM\...\KB973540_WM9) (Version: - Microsoft Corporation) Sicherheitsupdate für Windows Media Player (KB975558) (HKLM\...\KB975558_WM8) (Version: - Microsoft Corporation) Sicherheitsupdate für Windows Media Player (KB978695) (HKLM\...\KB978695_WM9) (Version: - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2115168) (HKLM\...\KB2115168) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2229593) (HKLM\...\KB2229593) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2296011) (HKLM\...\KB2296011) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2347290) (HKLM\...\KB2347290) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2387149) (HKLM\...\KB2387149) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2393802) (HKLM\...\KB2393802) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2419632) (HKLM\...\KB2419632) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2423089) (HKLM\...\KB2423089) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2443105) (HKLM\...\KB2443105) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2478960) (HKLM\...\KB2478960) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2478971) 
(HKLM\...\KB2478971) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2481109) (HKLM\...\KB2481109) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2483185) (HKLM\...\KB2483185) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2485663) (HKLM\...\KB2485663) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2506212) (HKLM\...\KB2506212) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2507938) (HKLM\...\KB2507938) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2508429) (HKLM\...\KB2508429) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2509553) (HKLM\...\KB2509553) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2510581) (HKLM\...\KB2510581) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2535512) (HKLM\...\KB2535512) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2536276-v2) (HKLM\...\KB2536276-v2) (Version: 2 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2544893-v2) (HKLM\...\KB2544893-v2) (Version: 2 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2566454) (HKLM\...\KB2566454) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2570947) (HKLM\...\KB2570947) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2584146) (HKLM\...\KB2584146) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2585542) (HKLM\...\KB2585542) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2592799) (HKLM\...\KB2592799) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2598479) (HKLM\...\KB2598479) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2603381) (HKLM\...\KB2603381) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2620712) (HKLM\...\KB2620712) (Version: 
1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2631813) (HKLM\...\KB2631813) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2653956) (HKLM\...\KB2653956) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2655992) (HKLM\...\KB2655992) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2659262) (HKLM\...\KB2659262) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2661637) (HKLM\...\KB2661637) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2676562) (HKLM\...\KB2676562) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2686509) (HKLM\...\KB2686509) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2691442) (HKLM\...\KB2691442) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2698365) (HKLM\...\KB2698365) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2705219-v2) (HKLM\...\KB2705219-v2) (Version: 2 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2712808) (HKLM\...\KB2712808) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2719985) (HKLM\...\KB2719985) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2723135-v2) (HKLM\...\KB2723135-v2) (Version: 2 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2727528) (HKLM\...\KB2727528) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2757638) (HKLM\...\KB2757638) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2770660) (HKLM\...\KB2770660) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2780091) (HKLM\...\KB2780091) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2802968) (HKLM\...\KB2802968) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2807986) (HKLM\...\KB2807986) (Version: 1 - Microsoft Corporation) 
Sicherheitsupdate für Windows XP (KB2813345) (HKLM\...\KB2813345) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2820917) (HKLM\...\KB2820917) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2834886) (HKLM\...\KB2834886) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2847311) (HKLM\...\KB2847311) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2850869) (HKLM\...\KB2850869) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2859537) (HKLM\...\KB2859537) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2862152) (HKLM\...\KB2862152) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2862330) (HKLM\...\KB2862330) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2862335) (HKLM\...\KB2862335) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2864063) (HKLM\...\KB2864063) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2868038) (HKLM\...\KB2868038) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2868626) (HKLM\...\KB2868626) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2876217) (HKLM\...\KB2876217) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2876331) (HKLM\...\KB2876331) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2892075) (HKLM\...\KB2892075) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2893294) (HKLM\...\KB2893294) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2898715) (HKLM\...\KB2898715) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2900986) (HKLM\...\KB2900986) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2909212) (HKLM\...\KB2909212) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP 
(KB2914368) (HKLM\...\KB2914368) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2916036) (HKLM\...\KB2916036) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2922229) (HKLM\...\KB2922229) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2929961) (HKLM\...\KB2929961) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2930275) (HKLM\...\KB2930275) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2936068) (HKLM\...\KB2936068) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB2964358) (HKLM\...\KB2964358) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB923561) (HKLM\...\KB923561) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB923789) (HKLM\...\KB923789) (Version: - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB941569) (HKLM\...\KB941569) (Version: - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB946648) (HKLM\...\KB946648) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB950762) (HKLM\...\KB950762) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB950974) (HKLM\...\KB950974) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB951376-v2) (HKLM\...\KB951376-v2) (Version: 2 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB952004) (HKLM\...\KB952004) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB952954) (HKLM\...\KB952954) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB956572) (HKLM\...\KB956572) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB956844) (HKLM\...\KB956844) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB959426) (HKLM\...\KB959426) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB960803) (HKLM\...\KB960803) (Version: 1 - Microsoft 
Corporation) Sicherheitsupdate für Windows XP (KB960859) (HKLM\...\KB960859) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB969059) (HKLM\...\KB969059) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB970430) (HKLM\...\KB970430) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB971657) (HKLM\...\KB971657) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB972270) (HKLM\...\KB972270) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB973507) (HKLM\...\KB973507) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB973869) (HKLM\...\KB973869) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB973904) (HKLM\...\KB973904) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB974112) (HKLM\...\KB974112) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB974318) (HKLM\...\KB974318) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB974392) (HKLM\...\KB974392) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB974571) (HKLM\...\KB974571) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB975025) (HKLM\...\KB975025) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB975467) (HKLM\...\KB975467) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB975560) (HKLM\...\KB975560) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB975713) (HKLM\...\KB975713) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB977816) (HKLM\...\KB977816) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB977914) (HKLM\...\KB977914) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB978338) (HKLM\...\KB978338) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB978542) (HKLM\...\KB978542) 
(Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB978706) (HKLM\...\KB978706) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB979309) (HKLM\...\KB979309) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB979482) (HKLM\...\KB979482) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB979687) (HKLM\...\KB979687) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB981997) (HKLM\...\KB981997) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB982132) (HKLM\...\KB982132) (Version: 1 - Microsoft Corporation) Sicherheitsupdate für Windows XP (KB982665) (HKLM\...\KB982665) (Version: 1 - Microsoft Corporation) Update für Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation) Update für Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation) Update für Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation) Update für Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation) Update für Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation) Update für Windows XP (KB898461) (HKLM\...\KB898461) (Version: 1 - Microsoft Corporation) Update für Windows XP (KB951978) (HKLM\...\KB951978) (Version: 1 - Microsoft Corporation) Update für Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation) Update für Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation) Update für Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation) Update für Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation) VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN) WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031514 - Microsoft Corporation) Wings 
Of Fury (HKLM\...\Wings Of Fury) (Version: - ) WinRAR 5.21 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH) Wolfenstein - Enemy Territory (HKLM\...\Wolfenstein - Enemy Territory) (Version: 2.60b - ACTIVISION) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Restore Points ========================= 27-04-2015 15:45:24 Systemprüfpunkt 28-04-2015 19:12:24 Systemprüfpunkt 02-05-2015 15:06:22 Systemprüfpunkt 03-05-2015 16:16:23 Systemprüfpunkt 03-05-2015 20:02:48 Installed CCS64 V3.9 04-05-2015 17:45:00 Software Distribution Service 3.0 04-05-2015 18:05:54 Software Distribution Service 3.0 04-05-2015 18:30:32 Software Distribution Service 3.0 04-05-2015 19:13:34 Software Distribution Service 3.0 04-05-2015 19:19:07 Installed Windows KB954550-v5. 04-05-2015 23:13:58 Installed WinUAE 05-05-2015 13:47:46 Software Distribution Service 3.0 07-05-2015 21:09:57 Systemprüfpunkt 11-05-2015 16:45:02 Systemprüfpunkt 12-05-2015 15:38:55 DirectX wurde installiert 12-05-2015 18:32:51 Removed WinUAE 12-05-2015 18:33:06 Removed CCS64 V3.9 13-05-2015 10:32:19 Software Distribution Service 3.0 15-05-2015 19:03:20 Systemprüfpunkt 17-05-2015 17:02:07 Systemprüfpunkt 22-05-2015 19:26:52 Systemprüfpunkt 24-05-2015 10:11:31 Systemprüfpunkt 26-05-2015 16:53:07 Systemprüfpunkt 29-05-2015 14:17:26 Systemprüfpunkt 31-05-2015 11:32:25 Wiederherstellungsvorgang 31-05-2015 18:46:10 Wiederherstellungsvorgang 31-05-2015 21:02:52 Software Distribution Service 3.0 01-06-2015 18:43:18 DirectX wurde installiert 03-06-2015 02:56:01 Systemprüfpunkt 04-06-2015 20:41:48 Systemprüfpunkt 04-06-2015 21:18:48 DirectX wurde installiert 04-06-2015 21:19:16 Installed Windows XP Wdf01007. 
05-06-2015 21:29:04 Systemprüfpunkt 07-06-2015 11:54:55 Systemprüfpunkt 10-06-2015 12:54:52 Software Distribution Service 3.0 11-06-2015 01:04:07 Akamai NetSession Interface wird installiert 14-06-2015 16:42:47 Systemprüfpunkt ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2004-11-11 14:00 - 2004-11-11 14:00 - 00000820 ____A C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\Ende des Supports für Microsoft Windows XP – Benachrichtigung – Anmeldung.job => C:\WINDOWS\system32\xp_eos.exe Task: C:\WINDOWS\Tasks\Ende des Supports für Microsoft Windows XP – Monatliche Benachrichtigung.job => C:\WINDOWS\system32\xp_eos.exe ==================== Loaded Modules (Whitelisted) ============== 2015-06-12 19:33 - 2015-06-12 19:33 - 00075136 _____ () C:\WINDOWS\system32\PnkBstrA.exe 2000-01-01 02:00 - 2000-01-01 02:00 - 00092087 _____ () C:\Dokumente und Einstellungen\Administrator\Desktop\Tor Browser\Browser\libssp-0.dll 2000-01-01 02:00 - 2000-01-01 02:00 - 05064206 _____ () C:\Dokumente und Einstellungen\Administrator\Desktop\Tor Browser\Browser\mozjs.dll 2000-01-01 02:00 - 2000-01-01 02:00 - 02029056 _____ () C:\Dokumente und Einstellungen\Administrator\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exe 2000-01-01 02:00 - 2000-01-01 02:00 - 00714452 _____ () C:\Dokumente und Einstellungen\Administrator\Desktop\Tor Browser\Browser\TorBrowser\Tor\libevent-2-0-5.dll 2000-01-01 02:00 - 2000-01-01 02:00 - 00092087 _____ () C:\Dokumente und Einstellungen\Administrator\Desktop\Tor Browser\Browser\TorBrowser\Tor\libssp-0.dll 2000-01-01 02:00 - 2000-01-01 02:00 - 00517814 _____ () C:\Dokumente und Einstellungen\Administrator\Desktop\Tor 
Browser\Browser\TorBrowser\Tor\libgcc_s_sjlj-1.dll 2000-01-01 02:00 - 2000-01-01 02:00 - 00110592 _____ () C:\Dokumente und Einstellungen\Administrator\Desktop\Tor Browser\Browser\TorBrowser\Tor\zlib1.dll 2015-06-15 20:42 - 2015-06-15 20:42 - 00380416 _____ () C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads\Gmer-19357.exe ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1454471165-261478967-725345543-500\Control Panel\Desktop\\Wallpaper -> C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp DNS Servers: Media is not connected to internet. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\sessmgr.exe] => Disabled:@xpsp2res.dll,-22019 ==================== Faulty Device Manager Devices ============= Name: Ethernet-Controller Description: Ethernet-Controller Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318} Manufacturer: Service: Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Atheros AR5007EG Wireless Network Adapter Description: Atheros AR5007EG Wireless Network Adapter Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318} Manufacturer: Atheros Service: AR5416 Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: USB-Videogerät Description: USB-Videogerät Class Guid: {6BDD1FC6-810F-11D0-BEC7-08002BE2092F} Manufacturer: Microsoft Service: usbvideo Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: SM-Bus-Controller Description: SM-Bus-Controller Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318} Manufacturer: Service: Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (06/15/2015 07:30:42 PM) (Source: Userenv) (EventID: 1041) (User: NT-AUTORITÄT) Description: Der Registrierungseintrag DllName konnte für "{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}" nicht abgerufen und daher auch nicht geladen werden. Dies wurde wahrscheinlich durch eine fehlerhafte Registrierung verursacht. 
Error: (06/15/2015 07:30:42 PM) (Source: Userenv) (EventID: 1041) (User: NT-AUTORITÄT) Description: Der Registrierungseintrag DllName konnte für "{7B849a69-220F-451E-B3FE-2CB811AF94AE}" nicht abgerufen und daher auch nicht geladen werden. Dies wurde wahrscheinlich durch eine fehlerhafte Registrierung verursacht. Error: (06/15/2015 07:30:34 PM) (Source: Userenv) (EventID: 1041) (User: NT-AUTORITÄT) Description: Der Registrierungseintrag DllName konnte für "{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}" nicht abgerufen und daher auch nicht geladen werden. Dies wurde wahrscheinlich durch eine fehlerhafte Registrierung verursacht. Error: (06/15/2015 07:30:34 PM) (Source: Userenv) (EventID: 1041) (User: NT-AUTORITÄT) Description: Der Registrierungseintrag DllName konnte für "{7B849a69-220F-451E-B3FE-2CB811AF94AE}" nicht abgerufen und daher auch nicht geladen werden. Dies wurde wahrscheinlich durch eine fehlerhafte Registrierung verursacht. Error: (06/15/2015 11:58:51 AM) (Source: Userenv) (EventID: 1041) (User: NT-AUTORITÄT) Description: Der Registrierungseintrag DllName konnte für "{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}" nicht abgerufen und daher auch nicht geladen werden. Dies wurde wahrscheinlich durch eine fehlerhafte Registrierung verursacht. Error: (06/15/2015 11:58:51 AM) (Source: Userenv) (EventID: 1041) (User: NT-AUTORITÄT) Description: Der Registrierungseintrag DllName konnte für "{7B849a69-220F-451E-B3FE-2CB811AF94AE}" nicht abgerufen und daher auch nicht geladen werden. Dies wurde wahrscheinlich durch eine fehlerhafte Registrierung verursacht. Error: (06/15/2015 11:56:32 AM) (Source: Userenv) (EventID: 1041) (User: NT-AUTORITÄT) Description: Der Registrierungseintrag DllName konnte für "{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}" nicht abgerufen und daher auch nicht geladen werden. Dies wurde wahrscheinlich durch eine fehlerhafte Registrierung verursacht. 
Error: (06/15/2015 11:56:32 AM) (Source: Userenv) (EventID: 1041) (User: NT-AUTORITÄT) Description: Der Registrierungseintrag DllName konnte für "{7B849a69-220F-451E-B3FE-2CB811AF94AE}" nicht abgerufen und daher auch nicht geladen werden. Dies wurde wahrscheinlich durch eine fehlerhafte Registrierung verursacht. Error: (06/15/2015 10:05:51 AM) (Source: Userenv) (EventID: 1041) (User: NT-AUTORITÄT) Description: Der Registrierungseintrag DllName konnte für "{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}" nicht abgerufen und daher auch nicht geladen werden. Dies wurde wahrscheinlich durch eine fehlerhafte Registrierung verursacht. Error: (06/15/2015 10:05:51 AM) (Source: Userenv) (EventID: 1041) (User: NT-AUTORITÄT) Description: Der Registrierungseintrag DllName konnte für "{7B849a69-220F-451E-B3FE-2CB811AF94AE}" nicht abgerufen und daher auch nicht geladen werden. Dies wurde wahrscheinlich durch eine fehlerhafte Registrierung verursacht. System errors: ============= Error: (06/08/2015 00:06:16 PM) (Source: 0) (EventID: 1) (User: ) Description: \Device\ACPIEC Error: (06/06/2015 01:27:39 AM) (Source: 0) (EventID: 1) (User: ) Description: \Device\ACPIEC Error: (06/05/2015 01:53:29 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT) Description: Der Server "{8BC3F05E-D86B-11D0-A075-00C04FB68820}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. 
Error: (05/31/2015 02:58:01 PM) (Source: 0) (EventID: 1) (User: ) Description: \Device\ACPIEC Error: (05/31/2015 02:02:34 PM) (Source: 0) (EventID: 1) (User: ) Description: \Device\ACPIEC Error: (05/28/2015 01:33:26 PM) (Source: 0) (EventID: 1) (User: ) Description: \Device\ACPIEC Error: (05/25/2015 09:19:55 PM) (Source: 0) (EventID: 1) (User: ) Description: \Device\ACPIEC Error: (05/22/2015 11:29:51 AM) (Source: 0) (EventID: 1) (User: ) Description: \Device\ACPIEC Error: (05/20/2015 02:28:22 PM) (Source: 0) (EventID: 1) (User: ) Description: \Device\ACPIEC Error: (05/19/2015 02:06:03 PM) (Source: 0) (EventID: 1) (User: ) Description: \Device\ACPIEC Microsoft Office: ========================= Error: (06/15/2015 07:30:42 PM) (Source: Userenv) (EventID: 1041) (User: NT-AUTORITÄT) Description: {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} Error: (06/15/2015 07:30:42 PM) (Source: Userenv) (EventID: 1041) (User: NT-AUTORITÄT) Description: {7B849a69-220F-451E-B3FE-2CB811AF94AE} Error: (06/15/2015 07:30:34 PM) (Source: Userenv) (EventID: 1041) (User: NT-AUTORITÄT) Description: {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} Error: (06/15/2015 07:30:34 PM) (Source: Userenv) (EventID: 1041) (User: NT-AUTORITÄT) Description: {7B849a69-220F-451E-B3FE-2CB811AF94AE} Error: (06/15/2015 11:58:51 AM) (Source: Userenv) (EventID: 1041) (User: NT-AUTORITÄT) Description: {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} Error: (06/15/2015 11:58:51 AM) (Source: Userenv) (EventID: 1041) (User: NT-AUTORITÄT) Description: {7B849a69-220F-451E-B3FE-2CB811AF94AE} Error: (06/15/2015 11:56:32 AM) (Source: Userenv) (EventID: 1041) (User: NT-AUTORITÄT) Description: {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} Error: (06/15/2015 11:56:32 AM) (Source: Userenv) (EventID: 1041) (User: NT-AUTORITÄT) Description: {7B849a69-220F-451E-B3FE-2CB811AF94AE} Error: (06/15/2015 10:05:51 AM) (Source: Userenv) (EventID: 1041) (User: NT-AUTORITÄT) Description: {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} Error: (06/15/2015 10:05:51 AM) (Source: 
Userenv) (EventID: 1041) (User: NT-AUTORITÄT) Description: {7B849a69-220F-451E-B3FE-2CB811AF94AE} ==================== Memory info =========================== Processor: Intel(R) Atom(TM) CPU N270 @ 1.60GHz Percentage of memory in use: 46% Total physical RAM: 1011.88 MB Available physical RAM: 543.13 MB Total Pagefile: 2430.57 MB Available Pagefile: 1791.34 MB Total Virtual: 2047.88 MB Available Virtual: 1954.43 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:49.81 GB) (Free:31.48 GB) NTFS ==>[Drive with boot components (Windows XP)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 111.8 GB) (Disk ID: 5FA38A47) Partition 1: (Active) - (Size=49.8 GB) - (Type=07 NTFS) ==================== End of log ============================
I hope you can help me. I think it is possible that classmates sneaked a trojan onto the system via the IP. Thanks in advance.
16.06.2015, 13:06 | #2 |
/// the machine /// TB trainer | Sudden shutdown/Other users still logged on/USB has more performance
Hi,
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper.
Please download TDSSKiller.exe and save this file to your desktop.
16.06.2015, 18:27 | #3 |
| Sudden shutdown/Other users still logged on/USB has more performance
Hello Schrauber, here is the log file from Malwarebytes:
The program apparently found nothing ...
Malwarebytes Anti-Rootkit BETA 1.09.1.1004 Malwarebytes | Free Anti-Malware & Internet Security Software Database version: main: v2015.06.16.03 rootkit: v2015.06.15.01 Windows XP Service Pack 3 x86 NTFS Internet Explorer 6.0.2900.5512 Administrator :: ASPIRE [administrator] 16.06.2015 13:54:19 mbar-log-2015-06-16 (13-54-19).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken Scan options disabled: Objects scanned: 300626 Time elapsed: 1 hour(s), 28 minute(s), 2 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) Physical Sectors Detected: 0 (No malicious items detected) (end)
Here is the report from TDSSKiller; it reports a finding on the hard disk. Is the finding serious? What kind of malware is it?
15:46:12.0703 0x06ac TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04 15:46:37.0968 0x06ac ============================================================ 15:46:37.0968 0x06ac Current date / time: 2015/06/16 15:46:37.0968 15:46:37.0968 0x06ac SystemInfo: 15:46:37.0968 0x06ac 15:46:37.0968 0x06ac OS Version: 5.1.2600 ServicePack: 3.0 15:46:37.0968 0x06ac Product type: Workstation 15:46:37.0968 0x06ac ComputerName: ASPIRE 15:46:37.0968 0x06ac UserName: Administrator 15:46:37.0968 0x06ac Windows directory: C:\WINDOWS 15:46:37.0968 0x06ac System windows directory: C:\WINDOWS 15:46:37.0968 0x06ac Processor architecture: Intel x86 15:46:37.0968 0x06ac Number of processors: 2 15:46:37.0968 0x06ac Page size: 0x1000 15:46:37.0968 0x06ac Boot type: Normal boot 15:46:37.0968 0x06ac ============================================================ 15:46:41.0406 0x06ac KLMD registered as C:\WINDOWS\system32\drivers\46948870.sys 15:46:42.0890 0x06ac System UUID: {27CBF010-E887-F38E-70A1-AB45267BF284} 15:46:46.0812 0x06ac Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 ( 111.79 Gb ), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054 15:46:46.0828 0x06ac ============================================================ 15:46:46.0828 0x06ac \Device\Harddisk0\DR0: 15:46:46.0828 0x06ac MBR partitions: 15:46:46.0828 0x06ac \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x639D9A7 15:46:46.0828 0x06ac ============================================================ 15:46:46.0859 0x06ac C: <-> \Device\Harddisk0\DR0\Partition1 15:46:46.0859 0x06ac ============================================================ 15:46:46.0859 0x06ac Initialize success 15:46:46.0859 0x06ac ============================================================ 15:48:00.0390 0x0db0 ============================================================ 15:48:00.0390 0x0db0 Scan started 15:48:00.0390 0x0db0 Mode: Manual; SigCheck; TDLFS; 15:48:00.0390 
FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll 15:48:43.0234 0x0db0 FastUserSwitchingCompatibility - ok 15:48:43.0265 0x0db0 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81, 8307A532AB4D05CBBCE206DC2759497708BF5AAA880BD00F0E4F281D8578A1F5 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys 15:48:43.0468 0x0db0 Fdc - ok 15:48:43.0515 0x0db0 [ B0678A548587C5F1967B0D70BACAD6C1, 7E49910212ED87313F926E4800EA8D34809C287A686CA69B82B79C1A6451F88C ] Fips C:\WINDOWS\system32\drivers\Fips.sys 15:48:43.0843 0x0db0 Fips - ok 15:48:43.0906 0x0db0 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0, 69C271AD5BCEBFD8AE5A769BDD7EC51256DA3A8ADAD5D12E5C0D13F4E82D8805 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys 15:48:44.0125 0x0db0 Flpydisk - ok 15:48:44.0265 0x0db0 [ B2CF4B0786F8212CB92ED2B50C6DB6B0, 280F5CF8A90F7BEDE73ADD0DD0F8952088133A7CA9A3D3B7041957E33B36845D ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys 15:48:44.0625 0x0db0 FltMgr - ok 15:48:44.0687 0x0db0 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A, EC635E071201A766845D48973772CBE0958942B4162F3F5F70660D114CC877E0 ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys 15:48:44.0906 0x0db0 Fs_Rec - ok 15:48:45.0046 0x0db0 [ 8F1955CE42E1484714B542F341647778, 8EB3F99625F409D3032561E8AB44BEFBFBFBA4EC873C2151C92A5CAAF7F2AA55 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys 15:48:45.0390 0x0db0 Ftdisk - ok 15:48:45.0500 0x0db0 [ 0A02C63C8B144BD8C86B103DEE7C86A2, 7A3235DD3E1995DD72B212FAEB3ECA2A974434DE9BF6D269EA11BA65A80E7E50 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys 15:48:45.0718 0x0db0 Gpc - ok 15:48:45.0859 0x0db0 [ 573C7D0A32852B48F3058CFD8026F511, BC384BBA394AFDCDA1A9ABC858C692AA84A1F0A31AF3DDF7F38D120C027927FB ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 15:48:46.0187 0x0db0 HDAudBus - ok 15:48:46.0328 0x0db0 [ CB66BF85BF599BEFD6C6A57C2E20357F, 55D3A0F9279FF316766F42548FCB61C452942B08A37590C4892DF110BE4E53C6 ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 15:48:46.0562 0x0db0 helpsvc - ok 15:48:46.0609 0x0db0 [ 
B35DA85E60C0103F2E4104532DA2F12B, E13C9F73DF7713554CB614B36123D75014F5121AA1FC9069733E61758751CBE4 ] HidServ C:\WINDOWS\System32\hidserv.dll 15:48:46.0937 0x0db0 HidServ - ok 15:48:47.0015 0x0db0 [ CCF82C5EC8A7326C3066DE870C06DAF1, 93395FA4C26B2E82DC8B7025ED3BCF583885E5D8C5F60CD6EEAA6335D6A126EC ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys 15:48:47.0234 0x0db0 HidUsb - ok 15:48:47.0359 0x0db0 [ ED29F14101523A6E0E808107405D452C, B8FA987637787BEECC2EB06D36293DAC355523392B49A8C5A9491EEE961917E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll 15:48:47.0687 0x0db0 hkmsvc - ok 15:48:47.0703 0x0db0 hpn - ok 15:48:47.0937 0x0db0 [ F80A415EF82CD06FFAF0D971528EAD38, 524D9E9201572929522F6805011783711B7C0F76308B924C89CF75F4B7A1FDF3 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys 15:48:48.0187 0x0db0 HTTP - ok 15:48:48.0234 0x0db0 [ 9E4ADB854CEBCFB81A4B36718FEECD16, 677AB64460775686F8366D6BF35D420A2486C3F07338A00A7C2788A5142B9F08 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll 15:48:48.0546 0x0db0 HTTPFilter - ok 15:48:48.0546 0x0db0 i2omgmt - ok 15:48:48.0562 0x0db0 i2omp - ok 15:48:48.0609 0x0db0 [ E283B97CFBEB86C1D86BAED5F7846A92, 7664F791D08C80DF1E52B34BE69F073AA645610C4BD975F498254807602374AB ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys 15:48:48.0859 0x0db0 i8042prt - ok 15:48:52.0578 0x0db0 [ 48846B31BE5A4FA662CCFDE7A1BA86B9, BC653F3ADAD70E766484986F196D4045D2CC6D92E5D827907E734254EE489A33 ] ialm C:\WINDOWS\system32\DRIVERS\igxpmp32.sys 15:49:00.0109 0x0db0 ialm - ok 15:49:00.0203 0x0db0 [ 083A052659F5310DD8B6A6CB05EDCF8E, 48D39B03FFB6FAA1529B774443BA12618AE3982D9F65A7B9D18F2269F78B31F4 ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys 15:49:00.0468 0x0db0 Imapi - ok 15:49:00.0640 0x0db0 [ D4B413AA210C21E46AEDD2BA5B68D38E, 2309622867AA8FC832A729FA78F48742D4BD6CA0DAFBFB9DDB0772D671E1ED75 ] ImapiService C:\WINDOWS\system32\imapi.exe 15:49:00.0984 0x0db0 ImapiService - ok 15:49:01.0000 0x0db0 ini910u - ok 15:49:04.0859 0x0db0 [ 2E9CDF1766FA55E88443E1EF48923BC8, 
34194B34A0D5974B3207E774265A533F3D9181CBBDD382ABD0E3AB85BBCB76A7 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys 15:49:13.0000 0x0db0 IntcAzAudAddService - ok 15:49:13.0031 0x0db0 IntelIde - ok 15:49:13.0109 0x0db0 [ 4C7D2750158ED6E7AD642D97BFFAE351, C05E4799752F090DCB632F07F62ADE38D31534621064D269AD535CA0BDFED448 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys 15:49:13.0359 0x0db0 intelppm - ok 15:49:13.0437 0x0db0 [ 3BB22519A194418D5FEC05D800A19AD0, F6662F440950596DC1382DD1DB5D7891CCEA30A6062BEA942C18445B5F0D8B16 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys 15:49:13.0671 0x0db0 Ip6Fw - ok 15:49:13.0765 0x0db0 [ 731F22BA402EE4B62748ADAF6363C182, 5C3BEBD008A5BE4DC2F92076FF41A10DDC01E10EC7E6552213CFA11970811848 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 15:49:14.0015 0x0db0 IpFilterDriver - ok 15:49:14.0093 0x0db0 [ B87AB476DCF76E72010632B5550955F5, E6E74D3A86A7917A8BAED44F8E97CCD2EB171E4E4B27E9907F60D1523FAF319A ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys 15:49:14.0453 0x0db0 IpInIp - ok 15:49:14.0562 0x0db0 [ CC748EA12C6EFFDE940EE98098BF96BB, AF523E21C25D9A1715EFEA573E4F52AF5D4FC9F28A2D613F5DB629C186C439E0 ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys 15:49:15.0031 0x0db0 IpNat - ok 15:49:15.0140 0x0db0 [ 23C74D75E36E7158768DD63D92789A91, 394D296F38E7D8EFD91A6EEC301D9CE6AF910E35EB9819F1A9E3363863AEDFDC ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys 15:49:15.0437 0x0db0 IPSec - ok 15:49:15.0468 0x0db0 [ C93C9FF7B04D772627A3646D89F7BF89, 805FA48E7A46D4F10240BF880A2468F53DEA36E83004399228AB70DB7D20544A ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys 15:49:15.0703 0x0db0 IRENUM - ok 15:49:15.0765 0x0db0 [ 6DFB88F64135C525433E87648BDA30DE, 8233EEFBEF36AAA152F2C55D23D7118F0DE40C9C22EB5D9793405A4770889540 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys 15:49:16.0015 0x0db0 isapnp - ok 15:49:16.0078 0x0db0 [ 1704D8C4C8807B889E43C649B478A452, E854C90CD301F42BE2520CEDAD35E49DF2D43606CF4EEED861B74882118D04D1 ] Kbdclass 
C:\WINDOWS\system32\DRIVERS\kbdclass.sys 15:49:16.0281 0x0db0 Kbdclass - ok 15:49:16.0484 0x0db0 [ 692BCF44383D056AED41B045A323D378, 1A99DEE83FFAF64E73067FC049C0A4CE07D94E4AE31EFA17B38CEFA9E41D67DC ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys 15:49:16.0812 0x0db0 kmixer - ok 15:49:16.0937 0x0db0 [ B467646C54CC746128904E1654C750C1, 3BD71BE3663EA23463D236D8A2A2E42DFA10C502BDB4B6E131FAF0FBA748219E ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys 15:49:17.0140 0x0db0 KSecDD - ok 15:49:17.0250 0x0db0 [ 2BBDCB79900990F0716DFCB714E72DE7, 6283789201164A9254632D9A3C8A54FE697717D5F8D5A37804D924DC2B70C8E3 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll 15:49:17.0421 0x0db0 lanmanserver - ok 15:49:17.0546 0x0db0 [ 1869B14B06B44B44AF70548E1EA3303F, 4D63B4DAF580C86F86837C7D1753E2105B4C52E26D4CA0CAAFE83755EFF7AFBE ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll 15:49:17.0703 0x0db0 lanmanworkstation - ok 15:49:17.0703 0x0db0 lbrtfdc - ok 15:49:17.0765 0x0db0 [ 636714B7D43C8D0C80449123FD266920, F06F6C7DC49B26EFCAC3570C67BA9BD934F62C6F382DA4DD2AB302C7B970F414 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll 15:49:18.0000 0x0db0 LmHosts - ok 15:49:18.0140 0x0db0 [ 2C137B8C4F4076FDFFBB81E23EC99248, 55952CD3723C3E957E809C1DAD5C5A52F368AE32FBE0A1B12699E5251E74B806 ] mbamchameleon C:\WINDOWS\system32\drivers\mbamchameleon.sys 15:49:18.0250 0x0db0 mbamchameleon - ok 15:49:18.0312 0x0db0 [ B7550A7107281D170CE85524B1488C98, A3854B16A65436BEF6BEDE918B43B3BE8F00D303660DB5831DD376271DC43239 ] Messenger C:\WINDOWS\System32\msgsvc.dll 15:49:18.0578 0x0db0 Messenger - ok 15:49:18.0640 0x0db0 [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys 15:49:18.0859 0x0db0 mnmdd - ok 15:49:18.0953 0x0db0 [ C2F1D365FD96791B037EE504868065D3, 87BD87E08FD00D115524B049F1A3A719AB86557D68968E7090CD0F271F985CAF ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe 15:49:19.0296 0x0db0 mnmsrvc - ok 15:49:19.0406 0x0db0 [ 
6FB74EBD4EC57A6F1781DE3852CC3362, 0454509D9A31E0202C08AE17294E2682F227D177A3C73B303E4C8332757AFCA1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys 15:49:19.0625 0x0db0 Modem - ok 15:49:20.0703 0x0db0 [ C7D9F9717916B34C1B00DD4834AF485C, A9512A03E8142C83534189963F90ADA6FA425BD606928C40C3D724177105A658 ] Monfilt C:\WINDOWS\system32\drivers\Monfilt.sys 15:49:22.0546 0x0db0 Monfilt - ok 15:49:22.0593 0x0db0 [ B24CE8005DEAB254C0251E15CB71D802, 6804A8ABDAD5EC846E7F8077D1EE9BA45D6226ACFF42C70BE3DE7C8980EF9EC4 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys 15:49:23.0015 0x0db0 Mouclass - ok 15:49:23.0093 0x0db0 [ 66A6F73C74E1791464160A7065CE711A, 3C570FA1E8EF976B83759220FE95BAC9D7D48D607F91B113EDE4790D34ACBD46 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys 15:49:23.0328 0x0db0 mouhid - ok 15:49:23.0437 0x0db0 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD, 2A5E15ED2C24C6C65EF2F7E1FD93374774076C9D8D451E4422561F4D269C012F ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys 15:49:23.0703 0x0db0 MountMgr - ok 15:49:23.0718 0x0db0 mraid35x - ok 15:49:23.0843 0x0db0 [ 11D42BB6206F33FBB3BA0288D3EF81BD, 76ABCFB62C5AC549F58C231F72A99882CDEB74928104B77FE52554765C2B1A22 ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys 15:49:24.0187 0x0db0 MRxDAV - ok 15:49:24.0578 0x0db0 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0, DB9B186F7076D7B94F45041AF7B77C1AD2CAB504D683B459C6CB1C22840ED170 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 15:49:25.0125 0x0db0 MRxSmb - ok 15:49:25.0171 0x0db0 [ 35A031AF38C55F92D28AA03EE9F12CC9, 97245D204C886EE8DCCC2DEAC80A0E358A7E0C1982F77389DA50DCF091FC9DDC ] MSDTC C:\WINDOWS\system32\msdtc.exe 15:49:25.0390 0x0db0 MSDTC - ok 15:49:25.0453 0x0db0 [ C941EA2454BA8350021D774DAF0F1027, C940E978C7B66A713A0FDAB54B5F995DF59D089AFCD96221DD3222948CD49BBD ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys 15:49:25.0687 0x0db0 Msfs - ok 15:49:25.0687 0x0db0 MSIServer - ok 15:49:25.0718 0x0db0 [ D1575E71568F4D9E14CA56B7B0453BF1, 4ABE0E24786C0D39FA2B885447E56204CA6942FB175E534DCE675D7BCF0B176A ] 
MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys 15:49:25.0953 0x0db0 MSKSSRV - ok 15:49:26.0000 0x0db0 [ 325BB26842FC7CCC1FCCE2C457317F3E, C07BE560513B1FB91D756494F0BA4AEEB2E1998DE0E1C21EE83DB1183B0CEE91 ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys 15:49:26.0187 0x0db0 MSPCLOCK - ok 15:49:26.0265 0x0db0 [ BAD59648BA099DA4A17680B39730CB3D, 9AD4C7C94C186C8815D0BC75DCAFB962158DA6935A244BA243EDDDEB33F9816C ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys 15:49:26.0515 0x0db0 MSPQM - ok 15:49:26.0562 0x0db0 [ AF5F4F3F14A8EA2C26DE30F7A1E17136, AC93A1E4ABB0D038B772E429015567E44CC2EDB66C54DBE23A5F98176FAC1520 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys 15:49:26.0796 0x0db0 mssmbios - ok 15:49:26.0875 0x0db0 [ E53736A9E30C45FA9E7B5EAC55056D1D, 38602F280BF69EBA3706AD175AFC1AEB561A8302B4B61E3FECB3C27D7A9BDB41 ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys 15:49:27.0125 0x0db0 MSTEE - ok 15:49:27.0250 0x0db0 [ DE6A75F5C270E756C5508D94B6CF68F5, FCC972DDC36C2C44D836913F10004C2C33B11C54DEFFF0C63E0FDF901D2F9261 ] Mup C:\WINDOWS\system32\drivers\Mup.sys 15:49:27.0375 0x0db0 Mup - ok 15:49:27.0453 0x0db0 [ 5B50F1B2A2ED47D560577B221DA734DB, C16A554B6E1A7F5F98C94DFA88163E0F7426506BF2F51FD351B1A05FC0DB3BC5 ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 15:49:27.0750 0x0db0 NABTSFEC - ok 15:49:28.0015 0x0db0 [ 46BB15AE2AC7D025D6D2567B876817BD, 102A101B96D1078C98FA0F871C801A9A8538E20E5686AB0C7680B2F6C92B3165 ] napagent C:\WINDOWS\System32\qagentrt.dll 15:49:28.0453 0x0db0 napagent - ok 15:49:28.0609 0x0db0 [ 1DF7F42665C94B825322FAE71721130D, FE0DCB728471465B39A42A7511F4133021FBA5DF88F88BCB5FE2FF34CFD713F9 ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys 15:49:28.0937 0x0db0 NDIS - ok 15:49:29.0031 0x0db0 [ 7FF1F1FD8609C149AA432F95A8163D97, 18CD1FF5AC1EF8A38D1EC53014F2BADD28D9CDF4ECE2EBC2313D08903776F323 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys 15:49:29.0281 0x0db0 NdisIP - ok 15:49:29.0359 0x0db0 [ 0109C4F3850DFBAB279542515386AE22, 
4F6DB1E499AC853FD36FD603FBB6D3AC9BDCEB298C7FE1FB59A9236CB46729B2 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys 15:49:29.0421 0x0db0 NdisTapi - ok 15:49:29.0453 0x0db0 [ F927A4434C5028758A842943EF1A3849, B1AA3AF150C05307461774925901789456B0CCCD03A5E71ADA4AB58455962BEE ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys 15:49:29.0671 0x0db0 Ndisuio - ok 15:49:29.0781 0x0db0 [ EDC1531A49C80614B2CFDA43CA8659AB, 494042F790F33721328B4451E79842E21919681CC421A4F9633EC4D383E06097 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys 15:49:30.0078 0x0db0 NdisWan - ok 15:49:30.0156 0x0db0 [ 2F597BB467E05B1FE3830EABD821B8E0, 141497F5A49D47CCE3C9289644F4BD838DCB238F6D8E847FC006652E21FE02AC ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys 15:49:30.0265 0x0db0 NDProxy - ok 15:49:30.0312 0x0db0 [ 5D81CF9A2F1A3A756B66CF684911CDF0, 7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys 15:49:30.0546 0x0db0 NetBIOS - ok 15:49:30.0703 0x0db0 [ 74B2B2F5BEA5E9A3DC021D685551BD3D, 7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys 15:49:31.0093 0x0db0 NetBT - ok 15:49:31.0203 0x0db0 [ 8ACE4251BFFD09CE75679FE940E996CC, 81969521B5EAEA09ECA63058BE9697BB69AF2596339CA9DF0CFEDC031DCFDC7E ] NetDDE C:\WINDOWS\system32\netdde.exe 15:49:31.0484 0x0db0 NetDDE - ok 15:49:31.0609 0x0db0 [ 8ACE4251BFFD09CE75679FE940E996CC, 81969521B5EAEA09ECA63058BE9697BB69AF2596339CA9DF0CFEDC031DCFDC7E ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe 15:49:31.0859 0x0db0 NetDDEdsdm - ok 15:49:31.0937 0x0db0 [ AFB8261B56CBA0D86AEB6DF682AF9785, 104D96F1F19DD4CE492064ACC9634406A019EAE20B42D03198E400E661897127 ] Netlogon C:\WINDOWS\system32\lsass.exe 15:49:32.0250 0x0db0 Netlogon - ok 15:49:32.0390 0x0db0 [ E6D88F1F6745BF00B57E7855A2AB696C, 12A5EDD853600FF5EBF91E127077745AE1E61E66DBC1D4D4306570F171AF4A39 ] Netman C:\WINDOWS\System32\netman.dll 15:49:32.0734 0x0db0 Netman - ok 15:49:32.0906 0x0db0 [ 
F1B67B6B0751AE0E6E964B02821206A3, 3D5A7593ABDEE2047C5738671C85DC8B95A4ECF58D5D7B04EEE13A689839A540 ] Nla C:\WINDOWS\System32\mswsock.dll 15:49:33.0109 0x0db0 Nla - ok 15:49:33.0171 0x0db0 [ 3182D64AE053D6FB034F44B6DEF8034A, 4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys 15:49:33.0453 0x0db0 Npfs - ok 15:49:33.0812 0x0db0 [ 78A08DD6A8D65E697C18E1DB01C5CDCA, E0E6F3ED05068E32F1D5C2D2B38CDEF4536B8656DB6756C66CF6B40B60C8F3DA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys 15:49:34.0625 0x0db0 Ntfs - ok 15:49:34.0687 0x0db0 [ AFB8261B56CBA0D86AEB6DF682AF9785, 104D96F1F19DD4CE492064ACC9634406A019EAE20B42D03198E400E661897127 ] NtLmSsp C:\WINDOWS\system32\lsass.exe 15:49:34.0875 0x0db0 NtLmSsp - ok 15:49:35.0218 0x0db0 [ 56AF4064996FA5BAC9C449B1514B4770, 154602EFEC22728503D4ABA025DF711B0F2CFC983F5E3BF25F2A4BCD1AE250EC ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll 15:49:35.0859 0x0db0 NtmsSvc - ok 15:49:35.0906 0x0db0 [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null C:\WINDOWS\system32\drivers\Null.sys 15:49:36.0140 0x0db0 Null - ok 15:49:36.0203 0x0db0 [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 15:49:36.0437 0x0db0 NwlnkFlt - ok 15:49:36.0468 0x0db0 [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 15:49:36.0718 0x0db0 NwlnkFwd - ok 15:49:36.0843 0x0db0 [ F84785660305B9B903FB3BCA8BA29837, BDBDE61076800415D98759077E9E039C80B55DBE68E31F8BF44A909C6C3D3276 ] Parport C:\WINDOWS\system32\drivers\Parport.sys 15:49:37.0109 0x0db0 Parport - ok 15:49:37.0171 0x0db0 [ BEB3BA25197665D82EC7065B724171C6, 7E71C13BA30CD95CEE8A9CC85E6F48A01F30EDEAADEE69D80AE828BF97E5A5CA ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys 15:49:37.0500 0x0db0 PartMgr - ok 15:49:37.0593 
0x0db0 [ C2BF987829099A3EAA2CA6A0A90ECB4F, 1DF21EA8E43875CFEECD869407429F82FB449707CFB845718499468E699BAAAA ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys 15:49:37.0812 0x0db0 ParVdm - ok 15:49:37.0906 0x0db0 [ 387E8DEDC343AA2D1EFBC30580273ACD, 5F3E642BDB759777E570ED5B22AC7E93CDCD362708F281657AD7BAB44EDEC802 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys 15:49:38.0250 0x0db0 PCI - ok 15:49:38.0250 0x0db0 PCIDump - ok 15:49:38.0281 0x0db0 [ 59BA86D9A61CBCF4DF8E598C331F5B82, 822D11C5CE77BFD7B2F25350CCBF92B0B9388EEA6D86ED220B768C720976D839 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys 15:49:38.0484 0x0db0 PCIIde - ok 15:49:38.0640 0x0db0 [ A2A966B77D61847D61A3051DF87C8C97, 6CED7CA26DC62B0AAFC83A2E07336DAD25954491201BB8E06103971F3F0B8B51 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys 15:49:38.0921 0x0db0 Pcmcia - ok 15:49:38.0921 0x0db0 PDCOMP - ok 15:49:38.0937 0x0db0 PDFRAME - ok 15:49:38.0953 0x0db0 PDRELI - ok 15:49:38.0953 0x0db0 PDRFRAME - ok 15:49:38.0968 0x0db0 perc2 - ok 15:49:38.0968 0x0db0 perc2hib - ok 15:49:39.0109 0x0db0 [ A3EDBE9053889FB24AB22492472B39DC, 6F2ED6E04BDE2FCA2A8BF9BD2D1D6923DE6EAECB46F582B6C0BD1CF364D65C9E ] PlugPlay C:\WINDOWS\system32\services.exe 15:49:39.0156 0x0db0 PlugPlay - ok 15:49:39.0265 0x0db0 [ 3A2BDD76E7D2A5F40A7174793D1BA794, 029EE2C2F71AEC7906600EEC4F855DC5648C1ECF53F11426079B04591F24D067 ] PnkBstrA C:\WINDOWS\system32\PnkBstrA.exe 15:49:39.0296 0x0db0 PnkBstrA - ok 15:49:39.0312 0x0db0 [ AFB8261B56CBA0D86AEB6DF682AF9785, 104D96F1F19DD4CE492064ACC9634406A019EAE20B42D03198E400E661897127 ] PolicyAgent C:\WINDOWS\system32\lsass.exe 15:49:39.0546 0x0db0 PolicyAgent - ok 15:49:39.0656 0x0db0 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99, C5F0C8C66A3AF7E7BB04CEDE4AC5306F8387AB384A2107DC5BE413AAE968EFF1 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys 15:49:39.0921 0x0db0 PptpMiniport - ok 15:49:39.0984 0x0db0 [ AFB8261B56CBA0D86AEB6DF682AF9785, 104D96F1F19DD4CE492064ACC9634406A019EAE20B42D03198E400E661897127 ] ProtectedStorage 
C:\WINDOWS\system32\lsass.exe 15:49:40.0234 0x0db0 ProtectedStorage - ok 15:49:40.0312 0x0db0 [ 09298EC810B07E5D582CB3A3F9255424, 35473A1BE25AC289474090EB0806AC6B3035DC33D1F3DF97A14BF1E361AC6AC3 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys 15:49:40.0609 0x0db0 PSched - ok 15:49:40.0625 0x0db0 [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys 15:49:40.0906 0x0db0 Ptilink - ok 15:49:40.0906 0x0db0 ql1080 - ok 15:49:40.0921 0x0db0 Ql10wnt - ok 15:49:40.0921 0x0db0 ql12160 - ok 15:49:40.0937 0x0db0 ql1240 - ok 15:49:40.0953 0x0db0 ql1280 - ok 15:49:41.0015 0x0db0 [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys 15:49:41.0234 0x0db0 RasAcd - ok 15:49:41.0328 0x0db0 [ F5BA6CACCDB66C8F048E867563203246, AFEAD8FC02313F7EBC8F9F39E7ED2868852B480BE3902FA7BD0AFD81492AB243 ] RasAuto C:\WINDOWS\System32\rasauto.dll 15:49:41.0609 0x0db0 RasAuto - ok 15:49:41.0703 0x0db0 [ 11B4A627BC9614B885C4969BFA5FF8A6, EAE0A412A2B0F68919C32A96B3A08CC1A06585E4998819F5C9051745F63FF5AD ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 15:49:42.0000 0x0db0 Rasl2tp - ok 15:49:42.0187 0x0db0 [ F9A7B66EA345726EDB5862A46B1ECCD5, 5D35429D394D36A1692A7E219BA1A85CD8096FEAE0F90BFE036A63118FEDBF57 ] RasMan C:\WINDOWS\System32\rasmans.dll 15:49:42.0515 0x0db0 RasMan - ok 15:49:42.0625 0x0db0 [ 5BC962F2654137C9909C3D4603587DEE, A5CE5653D0105240F5E86CFAAB89E7917D42D939E2F27A5A7D6979289CA651B8 ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys 15:49:42.0921 0x0db0 RasPppoe - ok 15:49:42.0953 0x0db0 [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys 15:49:43.0203 0x0db0 Raspti - ok 15:49:43.0375 0x0db0 [ 7AD224AD1A1437FE28D89CF22B17780A, 6645235CA27D671954E3557FA37082881C3D7D47492C71264CD8CB8D108EC801 ] Rdbss 
C:\WINDOWS\system32\DRIVERS\rdbss.sys 15:49:43.0703 0x0db0 Rdbss - ok 15:49:43.0765 0x0db0 [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 15:49:43.0968 0x0db0 RDPCDD - ok 15:49:44.0171 0x0db0 [ 15CABD0F7C00C47C70124907916AF3F1, 66B5C978B7FB6359AD8BAC9F568FE9D469E358FEAB07B1F129BA9E85F1DF723E ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys 15:49:44.0515 0x0db0 rdpdr - ok 15:49:44.0687 0x0db0 [ 43AF5212BD8FB5BA6EED9754358BD8F7, AF330F61CECA4AFA359CEABC5EB3227E6B56A9A2DCE50701381D665122D7356D ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys 15:49:44.0843 0x0db0 RDPWD - ok 15:49:44.0984 0x0db0 [ 263AF18AF0F3DB99F574C95F284CCEC9, 2BFA9952E97EFEB386FC56EC2C125080CD12DAC078DBE43C395CB4D9F22165D3 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe 15:49:45.0343 0x0db0 RDSessMgr - ok 15:49:45.0437 0x0db0 [ ED761D453856F795A7FE056E42C36365, EF026585B33415D8FCE94A9F27D7A4396C7C35C88E06A4CF0FEA702401E8597A ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys 15:49:45.0703 0x0db0 redbook - ok 15:49:45.0796 0x0db0 [ 0E97EC96D6942CEEC2D188CC2EB69A01, D4253B4420BEF19451A55AB91E4834482181A31A31134F6E2AFE05C8E20C81A5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll 15:49:46.0125 0x0db0 RemoteAccess - ok 15:49:46.0218 0x0db0 [ E4CD1F3D84E1C2CA0B8CF7501E201593, 649CC0B04F94D407EB6B4C7FDE2C6E4D2B1531307BC67C5775E44D66EF2E4F8A ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll 15:49:46.0484 0x0db0 RemoteRegistry - ok 15:49:46.0578 0x0db0 [ 851C30DF2807FCFA21E4C681A7D6440E, C2269B8ED4E831664B83F8F3BE33E5A340206A9E07F89CDF6707EAD8F280FBE9 ] RFCOMM C:\WINDOWS\system32\DRIVERS\rfcomm.sys 15:49:46.0843 0x0db0 RFCOMM - ok 15:49:46.0937 0x0db0 [ 2A02E21867497DF20B8FC95631395169, D89E2D17ED4E1C727847C0E92D2DF68AEB70BF0B956BD2FE024ED70A961759D2 ] RpcLocator C:\WINDOWS\system32\locator.exe 15:49:47.0281 0x0db0 RpcLocator - ok 15:49:47.0546 0x0db0 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B, 
ECFBACE3CBF2384948EA1C445BDA3955EB4F44A9874286E6537C67DC1283E5B0 ] RpcSs C:\WINDOWS\system32\rpcss.dll 15:49:47.0796 0x0db0 RpcSs - ok 15:49:47.0937 0x0db0 [ 4BDD71B4B521521499DFD14735C4F398, 7B1498D3C67E56D05B58B7DA319ECB0117C37963AABB0E59B42831C087469DA1 ] RSVP C:\WINDOWS\system32\rsvp.exe 15:49:48.0265 0x0db0 RSVP - ok 15:49:48.0296 0x0db0 [ AFB8261B56CBA0D86AEB6DF682AF9785, 104D96F1F19DD4CE492064ACC9634406A019EAE20B42D03198E400E661897127 ] SamSs C:\WINDOWS\system32\lsass.exe 15:49:48.0531 0x0db0 SamSs - ok 15:49:48.0671 0x0db0 [ DCEC079FAD95D36C8DD5CB6D779DFE32, F8546552D939A225853A0CE4913701A93738DF02C999D16E141E9A828814BBC6 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe 15:49:48.0953 0x0db0 SCardSvr - ok 15:49:49.0140 0x0db0 [ A050194A44D7FA8D7186ED2F4E8367AE, BCDF56D5A2F9E202DC67E7FE4BCC617BCC0BDFF2D221A621020068B17B2855BB ] Schedule C:\WINDOWS\system32\schedsvc.dll 15:49:49.0515 0x0db0 Schedule - ok 15:49:49.0609 0x0db0 [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys 15:49:49.0828 0x0db0 Secdrv - ok 15:49:49.0906 0x0db0 [ BEE4CFD1D48C23B44CF4B974B0B79B2B, DF3B02D713F8A4602BE75F004074D5DF79AFF2D58FF37110B2A6AC29F680758B ] seclogon C:\WINDOWS\System32\seclogon.dll 15:49:50.0156 0x0db0 seclogon - ok 15:49:50.0234 0x0db0 [ 2AAC9B6ED9EDDFFB721D6452E34D67E3, 95D83F054A6610328D56E56CD948A6618C590231853E56FC20E7557DB61384A4 ] SENS C:\WINDOWS\system32\sens.dll 15:49:50.0484 0x0db0 SENS - ok 15:49:50.0593 0x0db0 [ CF24EB4F0412C82BCD1F4F35A025E31D, B74CB094126F5C23F601C34D53B2DF5BE3E5918230AC9DCFCFFA8E66B3A0FA25 ] Serial C:\WINDOWS\system32\drivers\Serial.sys 15:49:50.0890 0x0db0 Serial - ok 15:49:50.0968 0x0db0 [ 8E6B8C671615D126FDC553D1E2DE5562, CEEC0067514555D5CA489F50E3D7562FCA8DB8E952C3C878604C9277FC77959F ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys 15:49:51.0218 0x0db0 Sfloppy - ok 15:49:51.0546 0x0db0 [ CAD058D5F8B889A87CA3EB3CF624DCEF, 
A7CDCF44261D1F4D820927253EA8EBB63714B7BAFF8B08DE073507D9A7EEA5BB ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll 15:49:52.0187 0x0db0 SharedAccess - ok 15:49:52.0328 0x0db0 [ 2DB7D303C36DDD055215052F118E8E75, BE6E7BBE12A7A4EDF1F1C2935350603970C7426BBCA7A1A6644BB8999123AF17 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll 15:49:52.0406 0x0db0 ShellHWDetection - ok 15:49:52.0421 0x0db0 Simbad - ok 15:49:52.0468 0x0db0 [ 866D538EBE33709A5C9F5C62B73B7D14, BC94BEB7C17B4FCAC8B5D0D5006A203BC209E0504EECE149651D8691935696CD ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys 15:49:52.0671 0x0db0 SLIP - ok 15:49:52.0687 0x0db0 Sparrow - ok 15:49:52.0734 0x0db0 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F, DD17733CBB370FCA08F0296704D7CBEACA3C8F76D0ABE4761C3B1FFDF7481D9E ] splitter C:\WINDOWS\system32\drivers\splitter.sys 15:49:52.0953 0x0db0 splitter - ok 15:49:53.0078 0x0db0 [ 60784F891563FB1B767F70117FC2428F, E0B07F08E60FFBAD36C2E58180F4B2A16DCA47716044CBE0213DF7B74D742F1F ] Spooler C:\WINDOWS\system32\spoolsv.exe 15:49:53.0171 0x0db0 Spooler - ok 15:49:53.0250 0x0db0 [ 50FA898F8C032796D3B1B9951BB5A90F, 1C86273EC19EB96D6DB9CE6670C00683B77C99C42CC2F7E75BC50872B93446B1 ] sr C:\WINDOWS\system32\DRIVERS\sr.sys 15:49:53.0531 0x0db0 sr - ok 15:49:53.0718 0x0db0 [ FE77A85495065F3AD59C5C65B6C54182, EB4BAF992F961B2FD5D24BFCB6BCB2142BC32933139A818835FEAB190E4283BB ] srservice C:\WINDOWS\system32\srsvc.dll 15:49:54.0093 0x0db0 srservice - ok 15:49:54.0421 0x0db0 [ 47DDFC2F003F7F9F0592C6874962A2E7, 17C643BD4EB09B5666FE41817DC785BE04A6E491CE79E8E5A702CDBD98E1BDD7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys 15:49:54.0890 0x0db0 Srv - ok 15:49:54.0984 0x0db0 [ 4DF5B05DFAEC29E13E1ED6F6EE12C500, 2971D7D45D6942D310D47DBD19B9680D2D29527E79B86133C72217FD29259465 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll 15:49:55.0250 0x0db0 SSDPSRV - ok 15:49:55.0343 0x0db0 [ 424566865D82AA4BD8D6546C1F2065FA, 37B4C04C7C0EE0F3347A9E9F35B095478299F7324CA87AAE487BF989B0E6AE03 ] ssmdrv C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 
15:49:55.0390 0x0db0 ssmdrv - ok 15:49:55.0671 0x0db0 [ BC2C5985611C5356B24AEB370953DED9, 15CBAB8166827DC098E2B16AB6F49A1441A4CB52AF3588F0AD964CAB596DFE10 ] stisvc C:\WINDOWS\system32\wiaservc.dll 15:49:56.0281 0x0db0 stisvc - ok 15:49:56.0359 0x0db0 [ 77813007BA6265C4B6098187E6ED79D2, 93939120E803C46FBFD577C8FC2E6C7E71C0460E01D25CB29579490640AB50C7 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys 15:49:56.0625 0x0db0 streamip - ok 15:49:56.0703 0x0db0 [ 3941D127AEF12E93ADDF6FE6EE027E0F, EA1F0E32E1C5E90FA4AAC421DEBBE086512340758D3217A6334E886BCE638B51 ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys 15:49:56.0921 0x0db0 swenum - ok 15:49:57.0046 0x0db0 [ 8CE882BCC6CF8A62F2B2323D95CB3D01, B408550A581F3DA222355964AFA4E976AD8471F0AA37573C42C4948AE5A23A3B ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys 15:49:57.0359 0x0db0 swmidi - ok 15:49:57.0375 0x0db0 SwPrv - ok 15:49:57.0390 0x0db0 symc810 - ok 15:49:57.0390 0x0db0 symc8xx - ok 15:49:57.0406 0x0db0 sym_hi - ok 15:49:57.0421 0x0db0 sym_u3 - ok 15:49:57.0484 0x0db0 [ 8B83F3ED0F1688B4958F77CD6D2BF290, 546D3602183702B4F53E84413CFA2C933D64C8540378E54A8DCD148F3F36A2DA ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys 15:49:57.0781 0x0db0 sysaudio - ok 15:49:57.0937 0x0db0 [ 2903FFFA2523926D6219428040DCE6B9, 4F13181931B0499F6C3F08138054DBCD1F84CB9806999A9172B80DE79D446F62 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe 15:49:58.0328 0x0db0 SysmonLog - ok 15:49:58.0546 0x0db0 [ 05903CAC4B98908D55EA5774775B382E, AC3666CBD894D737874A5998DC7F46A0A51A7B23B1835FC735B9AD503A2191CC ] TapiSrv C:\WINDOWS\System32\tapisrv.dll 15:49:58.0968 0x0db0 TapiSrv - ok 15:49:59.0281 0x0db0 [ 9AEFA14BD6B182D61E3119FA5F436D3D, EA29E49434585409272E7901AF89771FE9D6E911A7DC44AB3C7020CFF8A44552 ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys 15:49:59.0734 0x0db0 Tcpip - ok 15:49:59.0781 0x0db0 [ 6471A66807F5E104E4885F5B67349397, F35CBFFB8BB235CCE30EF94A5273333900DD49FD506BF9D55D99A320B8A53A5A ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys 
15:50:03.0437 0x0db0 UMWdf - detected UnsignedFile.Multi.Generic ( 1 )
15:50:05.0843 0x0db0 Detect skipped due to KSN trusted
15:50:05.0843 0x0db0 UMWdf - ok
15:50:14.0343 0x0db0 WmdmPmSN - detected UnsignedFile.Multi.Generic ( 1 )
15:50:16.0750
0x0db0 Detect skipped due to KSN trusted 15:50:16.0750 0x0db0 WmdmPmSN - ok 15:50:17.0234 0x0db0 [ FFA4D901D46D07A5BAB2D8307FBB51A6, 53C6D04D111EDF774C7F7EEB8D032B372E6244774D56B1B34CF1236027EC9450 ] Wmi C:\WINDOWS\System32\advapi32.dll 15:50:18.0125 0x0db0 Wmi - ok 15:50:18.0171 0x0db0 [ C42584FD66CE9E17403AEBCA199F7BDB, E3F2E1066F36AE5D33D4482239B2E556BE0C137923C9A120DFB36EC82F2E77B0 ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 15:50:18.0484 0x0db0 WmiAcpi - ok 15:50:18.0656 0x0db0 [ 93908111BA57A6E60EC2FA2DE202105C, F395F25F18D15C6B9FEDB45FD31E10295FFE5517E2BC86ACAC11904EA0664BE2 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe 15:50:19.0031 0x0db0 WmiApSrv - ok 15:50:19.0703 0x0db0 [ 15673BD0B86150CB8E27766059C72A9B, 56C23289A8BFF4945EE532CF6D62D3EC81B827CA15A359F30A327789F9FE9CAF ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 15:50:21.0046 0x0db0 WPFFontCache_v0400 - ok 15:50:21.0156 0x0db0 [ 300B3E84FAF1A5C1F791C159BA28035D, 0194856BDF94C1F274AF70AD558290ACDACDDEA331BD66FEB8E167ABD1E36786 ] wscsvc C:\WINDOWS\system32\wscsvc.dll 15:50:21.0468 0x0db0 wscsvc - ok 15:50:21.0562 0x0db0 [ C98B39829C2BBD34E454150633C62C78, 71B60EA3AD0E2637917D528C6A9E7ECF2949E3E5E91036AA5BBADA95BD725511 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 15:50:21.0812 0x0db0 WSTCODEC - ok 15:50:21.0875 0x0db0 [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085, A1DB8909FA73337DB613D01824945485186654364A4DF129B8CB913CF87D1D2E ] wuauserv C:\WINDOWS\system32\wuauserv.dll 15:50:22.0156 0x0db0 wuauserv - ok 15:50:22.0546 0x0db0 [ C4F109C005F6725162D2D12CA751E4A7, AC996B44338328BDD4442FE48406F286A64526F0EC77BE00A19FA7FDB0407CFE ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll 15:50:23.0312 0x0db0 WZCSVC - ok 15:50:23.0453 0x0db0 [ 0ADA34871A2E1CD2CAAFED1237A47750, 45BEF8649078BD74C1A347B5F2D3A1958E5A7DCD6C6BA8A2E0CAD277A929C64E ] xmlprov C:\WINDOWS\System32\xmlprov.dll 15:50:23.0703 0x0db0 xmlprov - ok 15:50:23.0812 0x0db0 [ 09E5340BD9B2CB730BF4DC6BE7721291, 
785DEFAE550CAB5BDFA15CF195A1DEF5AD188EFEAD2D8B1508972CF892BB75A9 ] xusb21 C:\WINDOWS\system32\DRIVERS\xusb21.sys 15:50:23.0875 0x0db0 xusb21 - ok 15:50:23.0890 0x0db0 ================ Scan global =============================== 15:50:23.0953 0x0db0 [ 2C60091CA5F67C3032EAB3B30390C27F, 9E205C8E67F4B61FCFA2A82AA1968D522C3B6410D7075BE813F7F1564D61632E ] C:\WINDOWS\system32\basesrv.dll 15:50:24.0234 0x0db0 [ E62178BC21EAC63A3B9A2DBD46C1B505, CAA5480CC4DAA37758F0CF445F865FD6F4630080B044EF2E606C2F62DAA4061A ] C:\WINDOWS\system32\winsrv.dll 15:50:24.0640 0x0db0 [ E62178BC21EAC63A3B9A2DBD46C1B505, CAA5480CC4DAA37758F0CF445F865FD6F4630080B044EF2E606C2F62DAA4061A ] C:\WINDOWS\system32\winsrv.dll 15:50:24.0765 0x0db0 [ A3EDBE9053889FB24AB22492472B39DC, 6F2ED6E04BDE2FCA2A8BF9BD2D1D6923DE6EAECB46F582B6C0BD1CF364D65C9E ] C:\WINDOWS\system32\services.exe 15:50:24.0765 0x0db0 [ Global ] - ok 15:50:24.0765 0x0db0 ================ Scan MBR ================================== 15:50:24.0812 0x0db0 [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0 15:50:25.0234 0x0db0 \Device\Harddisk0\DR0 - detected TDSS File System ( 1 ) 15:50:25.0234 0x0db0 \Device\Harddisk0\DR0 ( TDSS File System ) - warning 15:50:27.0625 0x0db0 ================ Scan VBR ================================== 15:50:27.0625 0x0db0 [ 61832E024DE1742A9A6FEAB7F4168BC8 ] \Device\Harddisk0\DR0\Partition1 15:50:27.0656 0x0db0 \Device\Harddisk0\DR0\Partition1 - ok 15:50:27.0656 0x0db0 ================ Scan generic autorun ====================== 15:50:39.0421 0x0db0 [ 496974CF715C9129D38539A4972E01E4, 00B682BDF37D33391C387F2B84F2688083860A511405B9492196DD6C85C7646C ] C:\WINDOWS\RTHDCPL.EXE 15:50:51.0734 0x0db0 RTHDCPL - ok 15:50:51.0796 0x0db0 BluetoothAuthenticationAgent - ok 15:50:52.0296 0x0db0 [ A6ABD4AF02AB03676DEA55F383ABC7C2, 62F838618C78A297D970EC58F97F2D843EBFEF2D81754D658664BEEED79BFB50 ] C:\Programme\Avira\AntiVir Desktop\avgnt.exe 15:50:52.0671 0x0db0 avgnt - ok 15:50:52.0796 0x0db0 [ 
F38092DE1D6A8CBB11B6B6D0F07E268E, 12D5AA6A51F0807A6DCAED51EB9E35EF8D34CD9C31B628B6EA38421415377BEE ] C:\WINDOWS\system32\igfxtray.exe 15:50:52.0953 0x0db0 IgfxTray - ok 15:50:53.0109 0x0db0 [ E44733C30F7FE6A1CE7A6B1D2B335CFC, 1638A7C3426504B090E45E0984F52EA9F8C713EC20509F328FC758C4A271C503 ] C:\WINDOWS\system32\hkcmd.exe 15:50:53.0265 0x0db0 HotKeysCmds - ok 15:50:53.0359 0x0db0 [ 2022C54B3A79A51C9538CE47D1F50BC3, AF3E60CAD38C2FEB6CD1BCFC3546C0D03ABA45E6ADF366E8F44659705F7EF0BA ] C:\WINDOWS\system32\igfxpers.exe 15:50:53.0468 0x0db0 Persistence - ok 15:50:53.0484 0x0db0 KernelFaultCheck - ok 15:50:54.0000 0x0db0 [ C4AA81EA4434C2C14B6648AD7CD8294E, 6D1502770912BD50B310BD068A43188E4CF2C674631BB7A20EAF2E0CFA9C870A ] c:\Programme\Microsoft Xbox 360 Accessories\XboxStat.exe 15:50:54.0359 0x0db0 XboxStat - ok 15:50:54.0406 0x0db0 [ 01B4E6E990B6C5EA8856D96C7FD044B2, 2266296FD3C8E0DFA657F21406EE4E494477870DFAF7C65BEBCB6FBA8CADC7C6 ] C:\WINDOWS\system32\CTFMON.EXE 15:50:54.0625 0x0db0 CTFMON.EXE - ok 15:50:54.0703 0x0db0 [ 01B4E6E990B6C5EA8856D96C7FD044B2, 2266296FD3C8E0DFA657F21406EE4E494477870DFAF7C65BEBCB6FBA8CADC7C6 ] C:\WINDOWS\system32\CTFMON.EXE 15:50:54.0921 0x0db0 CTFMON.EXE - ok 15:50:54.0984 0x0db0 [ 01B4E6E990B6C5EA8856D96C7FD044B2, 2266296FD3C8E0DFA657F21406EE4E494477870DFAF7C65BEBCB6FBA8CADC7C6 ] C:\WINDOWS\system32\CTFMON.EXE 15:50:55.0218 0x0db0 CTFMON.EXE - ok 15:50:55.0281 0x0db0 [ 01B4E6E990B6C5EA8856D96C7FD044B2, 2266296FD3C8E0DFA657F21406EE4E494477870DFAF7C65BEBCB6FBA8CADC7C6 ] C:\WINDOWS\system32\ctfmon.exe 15:50:55.0500 0x0db0 CTFMON.EXE - ok 15:50:57.0812 0x0db0 [ 6CB0A7EFED5A8B3AAF82D8FF1BF6CB72, 5E306C3145120F14EA407AB431513FA0F6DBFB8B7B2AEE443E1BEC4BD9393F77 ] C:\Programme\DAEMON Tools Lite\DTAgent.exe 15:51:02.0187 0x0db0 DAEMON Tools Lite Automount - ok 15:51:02.0296 0x0db0 Akamai NetSession Interface - ok 15:51:02.0296 0x0db0 Waiting for KSN requests completion. In queue: 1 15:51:03.0296 0x0db0 Waiting for KSN requests completion. 
15:51:05.0453 0x0db0 AV detected via SS1: Avira Antivirus, 15.0.11.572, enabled, updated
15:51:05.0468 0x0db0 Win FW state via NFM: enabled
15:51:07.0859 0x0db0 ============================================================
15:51:07.0859 0x0db0 Scan finished
15:51:07.0859 0x0db0 ============================================================
15:51:07.0890 0x04e8 Detected object count: 1
15:51:07.0890 0x04e8 Actual detected object count: 1
15:52:00.0781 0x04e8 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
15:52:00.0781 0x04e8 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
15:52:34.0781 0x0660 Deinitialize success

It is probably the trojan TR/ATRAPS.Gen2. How dangerous is it, and Schrauber, can you see how and when the trojan got onto the system? Regards

Last edited by Anti-Trojana (16.06.2015 at 15:21) |
17.06.2015, 15:20 | #4 |
/// the machine /// TB trainer | Sudden shutdown / other users still logged on / USB has more performance

Why are you opening 2 threads???? This is how it works: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
Start TDSSkiller.exe with a double-click. Vista and Win7 users: right-click and choose "Run as administrator".
For example: C:\TDSSKiller.<version_date_time>log.txt Please post the contents here in your thread.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
17.06.2015, 23:10 | #5 |
| Sudden shutdown / other users still logged on / USB has more performance

Sorry, I thought the problem and the log files were posted separately. Here is the log file from TDSSKiller with the first find. The second scan also found 2 things. I assume it is a backdoor trojan that was deliberately smuggled onto the system. Here are the files:

18:27:51.0453 0x063c TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
18:27:54.0421 0x063c ============================================================
18:27:54.0421 0x063c Current date / time: 2015/06/16 18:27:54.0421
18:27:54.0421 0x063c SystemInfo:
18:27:54.0421 0x063c
18:27:54.0421 0x063c OS Version: 5.1.2600 ServicePack: 3.0
18:27:54.0421 0x063c Product type: Workstation
18:27:54.0437 0x063c ComputerName: ASPIRE
18:27:54.0437 0x063c UserName: Administrator
18:27:54.0437 0x063c Windows directory: C:\WINDOWS
18:27:54.0437 0x063c System windows directory: C:\WINDOWS
18:27:54.0437 0x063c Processor architecture: Intel x86
18:27:54.0437 0x063c Number of processors: 2
18:27:54.0437 0x063c Page size: 0x1000
18:27:54.0437 0x063c Boot type: Normal boot
18:27:54.0437 0x063c ============================================================
18:27:57.0718 0x063c KLMD registered as C:\WINDOWS\system32\drivers\66617678.sys
18:27:57.0875 0x063c System UUID: {27CBF010-E887-F38E-70A1-AB45267BF284}
18:27:58.0734 0x063c Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 ( 111.79 Gb ), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
18:27:58.0750 0x063c ============================================================
18:27:58.0750 0x063c \Device\Harddisk0\DR0:
18:27:58.0750 0x063c MBR partitions:
18:27:58.0750 0x063c \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x639D9A7
18:27:58.0750 0x063c ============================================================
18:27:58.0765 0x063c C: <-> \Device\Harddisk0\DR0\Partition1
4ABE0E24786C0D39FA2B885447E56204CA6942FB175E534DCE675D7BCF0B176A ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys 18:28:38.0437 0x0b28 MSKSSRV - ok 18:28:38.0468 0x0b28 [ 325BB26842FC7CCC1FCCE2C457317F3E, C07BE560513B1FB91D756494F0BA4AEEB2E1998DE0E1C21EE83DB1183B0CEE91 ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys 18:28:38.0671 0x0b28 MSPCLOCK - ok 18:28:38.0718 0x0b28 [ BAD59648BA099DA4A17680B39730CB3D, 9AD4C7C94C186C8815D0BC75DCAFB962158DA6935A244BA243EDDDEB33F9816C ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys 18:28:38.0937 0x0b28 MSPQM - ok 18:28:39.0015 0x0b28 [ AF5F4F3F14A8EA2C26DE30F7A1E17136, AC93A1E4ABB0D038B772E429015567E44CC2EDB66C54DBE23A5F98176FAC1520 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys 18:28:39.0203 0x0b28 mssmbios - ok 18:28:39.0265 0x0b28 [ E53736A9E30C45FA9E7B5EAC55056D1D, 38602F280BF69EBA3706AD175AFC1AEB561A8302B4B61E3FECB3C27D7A9BDB41 ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys 18:28:39.0484 0x0b28 MSTEE - ok 18:28:39.0562 0x0b28 [ DE6A75F5C270E756C5508D94B6CF68F5, FCC972DDC36C2C44D836913F10004C2C33B11C54DEFFF0C63E0FDF901D2F9261 ] Mup C:\WINDOWS\system32\drivers\Mup.sys 18:28:39.0609 0x0b28 Mup - ok 18:28:39.0625 0x0b28 [ 5B50F1B2A2ED47D560577B221DA734DB, C16A554B6E1A7F5F98C94DFA88163E0F7426506BF2F51FD351B1A05FC0DB3BC5 ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 18:28:39.0890 0x0b28 NABTSFEC - ok 18:28:39.0968 0x0b28 [ 46BB15AE2AC7D025D6D2567B876817BD, 102A101B96D1078C98FA0F871C801A9A8538E20E5686AB0C7680B2F6C92B3165 ] napagent C:\WINDOWS\System32\qagentrt.dll 18:28:40.0234 0x0b28 napagent - ok 18:28:40.0296 0x0b28 [ 1DF7F42665C94B825322FAE71721130D, FE0DCB728471465B39A42A7511F4133021FBA5DF88F88BCB5FE2FF34CFD713F9 ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys 18:28:40.0515 0x0b28 NDIS - ok 18:28:40.0578 0x0b28 [ 7FF1F1FD8609C149AA432F95A8163D97, 18CD1FF5AC1EF8A38D1EC53014F2BADD28D9CDF4ECE2EBC2313D08903776F323 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys 18:28:40.0781 0x0b28 NdisIP - ok 18:28:40.0843 0x0b28 [ 
0109C4F3850DFBAB279542515386AE22, 4F6DB1E499AC853FD36FD603FBB6D3AC9BDCEB298C7FE1FB59A9236CB46729B2 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys 18:28:40.0875 0x0b28 NdisTapi - ok 18:28:40.0906 0x0b28 [ F927A4434C5028758A842943EF1A3849, B1AA3AF150C05307461774925901789456B0CCCD03A5E71ADA4AB58455962BEE ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys 18:28:41.0109 0x0b28 Ndisuio - ok 18:28:41.0125 0x0b28 [ EDC1531A49C80614B2CFDA43CA8659AB, 494042F790F33721328B4451E79842E21919681CC421A4F9633EC4D383E06097 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys 18:28:41.0328 0x0b28 NdisWan - ok 18:28:41.0421 0x0b28 [ 2F597BB467E05B1FE3830EABD821B8E0, 141497F5A49D47CCE3C9289644F4BD838DCB238F6D8E847FC006652E21FE02AC ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys 18:28:41.0468 0x0b28 NDProxy - ok 18:28:41.0500 0x0b28 [ 5D81CF9A2F1A3A756B66CF684911CDF0, 7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys 18:28:41.0718 0x0b28 NetBIOS - ok 18:28:41.0781 0x0b28 [ 74B2B2F5BEA5E9A3DC021D685551BD3D, 7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys 18:28:42.0000 0x0b28 NetBT - ok 18:28:42.0078 0x0b28 [ 8ACE4251BFFD09CE75679FE940E996CC, 81969521B5EAEA09ECA63058BE9697BB69AF2596339CA9DF0CFEDC031DCFDC7E ] NetDDE C:\WINDOWS\system32\netdde.exe 18:28:42.0296 0x0b28 NetDDE - ok 18:28:42.0359 0x0b28 [ 8ACE4251BFFD09CE75679FE940E996CC, 81969521B5EAEA09ECA63058BE9697BB69AF2596339CA9DF0CFEDC031DCFDC7E ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe 18:28:42.0578 0x0b28 NetDDEdsdm - ok 18:28:42.0640 0x0b28 [ AFB8261B56CBA0D86AEB6DF682AF9785, 104D96F1F19DD4CE492064ACC9634406A019EAE20B42D03198E400E661897127 ] Netlogon C:\WINDOWS\system32\lsass.exe 18:28:42.0859 0x0b28 Netlogon - ok 18:28:42.0921 0x0b28 [ E6D88F1F6745BF00B57E7855A2AB696C, 12A5EDD853600FF5EBF91E127077745AE1E61E66DBC1D4D4306570F171AF4A39 ] Netman C:\WINDOWS\System32\netman.dll 18:28:43.0140 0x0b28 Netman - 
ok 18:28:43.0218 0x0b28 [ F1B67B6B0751AE0E6E964B02821206A3, 3D5A7593ABDEE2047C5738671C85DC8B95A4ECF58D5D7B04EEE13A689839A540 ] Nla C:\WINDOWS\System32\mswsock.dll 18:28:43.0281 0x0b28 Nla - ok 18:28:43.0328 0x0b28 [ 3182D64AE053D6FB034F44B6DEF8034A, 4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys 18:28:43.0562 0x0b28 Npfs - ok 18:28:43.0609 0x0b28 [ 78A08DD6A8D65E697C18E1DB01C5CDCA, E0E6F3ED05068E32F1D5C2D2B38CDEF4536B8656DB6756C66CF6B40B60C8F3DA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys 18:28:43.0890 0x0b28 Ntfs - ok 18:28:43.0953 0x0b28 [ AFB8261B56CBA0D86AEB6DF682AF9785, 104D96F1F19DD4CE492064ACC9634406A019EAE20B42D03198E400E661897127 ] NtLmSsp C:\WINDOWS\system32\lsass.exe 18:28:44.0140 0x0b28 NtLmSsp - ok 18:28:44.0234 0x0b28 [ 56AF4064996FA5BAC9C449B1514B4770, 154602EFEC22728503D4ABA025DF711B0F2CFC983F5E3BF25F2A4BCD1AE250EC ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll 18:28:44.0484 0x0b28 NtmsSvc - ok 18:28:44.0546 0x0b28 [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null C:\WINDOWS\system32\drivers\Null.sys 18:28:44.0734 0x0b28 Null - ok 18:28:44.0812 0x0b28 [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 18:28:45.0015 0x0b28 NwlnkFlt - ok 18:28:45.0031 0x0b28 [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 18:28:45.0218 0x0b28 NwlnkFwd - ok 18:28:45.0296 0x0b28 [ F84785660305B9B903FB3BCA8BA29837, BDBDE61076800415D98759077E9E039C80B55DBE68E31F8BF44A909C6C3D3276 ] Parport C:\WINDOWS\system32\drivers\Parport.sys 18:28:45.0500 0x0b28 Parport - ok 18:28:45.0546 0x0b28 [ BEB3BA25197665D82EC7065B724171C6, 7E71C13BA30CD95CEE8A9CC85E6F48A01F30EDEAADEE69D80AE828BF97E5A5CA ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys 18:28:45.0750 0x0b28 
PartMgr - ok 18:28:45.0796 0x0b28 [ C2BF987829099A3EAA2CA6A0A90ECB4F, 1DF21EA8E43875CFEECD869407429F82FB449707CFB845718499468E699BAAAA ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys 18:28:46.0000 0x0b28 ParVdm - ok 18:28:46.0062 0x0b28 [ 387E8DEDC343AA2D1EFBC30580273ACD, 5F3E642BDB759777E570ED5B22AC7E93CDCD362708F281657AD7BAB44EDEC802 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys 18:28:46.0265 0x0b28 PCI - ok 18:28:46.0265 0x0b28 PCIDump - ok 18:28:46.0328 0x0b28 [ 59BA86D9A61CBCF4DF8E598C331F5B82, 822D11C5CE77BFD7B2F25350CCBF92B0B9388EEA6D86ED220B768C720976D839 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys 18:28:46.0515 0x0b28 PCIIde - ok 18:28:46.0578 0x0b28 [ A2A966B77D61847D61A3051DF87C8C97, 6CED7CA26DC62B0AAFC83A2E07336DAD25954491201BB8E06103971F3F0B8B51 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys 18:28:46.0781 0x0b28 Pcmcia - ok 18:28:46.0796 0x0b28 PDCOMP - ok 18:28:46.0796 0x0b28 PDFRAME - ok 18:28:46.0812 0x0b28 PDRELI - ok 18:28:46.0828 0x0b28 PDRFRAME - ok 18:28:46.0828 0x0b28 perc2 - ok 18:28:46.0843 0x0b28 perc2hib - ok 18:28:46.0921 0x0b28 [ A3EDBE9053889FB24AB22492472B39DC, 6F2ED6E04BDE2FCA2A8BF9BD2D1D6923DE6EAECB46F582B6C0BD1CF364D65C9E ] PlugPlay C:\WINDOWS\system32\services.exe 18:28:46.0953 0x0b28 PlugPlay - ok 18:28:47.0000 0x0b28 [ 3A2BDD76E7D2A5F40A7174793D1BA794, 029EE2C2F71AEC7906600EEC4F855DC5648C1ECF53F11426079B04591F24D067 ] PnkBstrA C:\WINDOWS\system32\PnkBstrA.exe 18:28:47.0031 0x0b28 PnkBstrA - ok 18:28:47.0031 0x0b28 [ AFB8261B56CBA0D86AEB6DF682AF9785, 104D96F1F19DD4CE492064ACC9634406A019EAE20B42D03198E400E661897127 ] PolicyAgent C:\WINDOWS\system32\lsass.exe 18:28:47.0234 0x0b28 PolicyAgent - ok 18:28:47.0312 0x0b28 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99, C5F0C8C66A3AF7E7BB04CEDE4AC5306F8387AB384A2107DC5BE413AAE968EFF1 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys 18:28:47.0531 0x0b28 PptpMiniport - ok 18:28:47.0578 0x0b28 [ AFB8261B56CBA0D86AEB6DF682AF9785, 104D96F1F19DD4CE492064ACC9634406A019EAE20B42D03198E400E661897127 ] 
ProtectedStorage C:\WINDOWS\system32\lsass.exe 18:28:47.0781 0x0b28 ProtectedStorage - ok 18:28:47.0843 0x0b28 [ 09298EC810B07E5D582CB3A3F9255424, 35473A1BE25AC289474090EB0806AC6B3035DC33D1F3DF97A14BF1E361AC6AC3 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys 18:28:48.0093 0x0b28 PSched - ok 18:28:48.0093 0x0b28 [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys 18:28:48.0359 0x0b28 Ptilink - ok 18:28:48.0375 0x0b28 ql1080 - ok 18:28:48.0390 0x0b28 Ql10wnt - ok 18:28:48.0390 0x0b28 ql12160 - ok 18:28:48.0406 0x0b28 ql1240 - ok 18:28:48.0406 0x0b28 ql1280 - ok 18:28:48.0468 0x0b28 [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys 18:28:48.0671 0x0b28 RasAcd - ok 18:28:48.0750 0x0b28 [ F5BA6CACCDB66C8F048E867563203246, AFEAD8FC02313F7EBC8F9F39E7ED2868852B480BE3902FA7BD0AFD81492AB243 ] RasAuto C:\WINDOWS\System32\rasauto.dll 18:28:48.0968 0x0b28 RasAuto - ok 18:28:49.0015 0x0b28 [ 11B4A627BC9614B885C4969BFA5FF8A6, EAE0A412A2B0F68919C32A96B3A08CC1A06585E4998819F5C9051745F63FF5AD ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 18:28:49.0218 0x0b28 Rasl2tp - ok 18:28:49.0296 0x0b28 [ F9A7B66EA345726EDB5862A46B1ECCD5, 5D35429D394D36A1692A7E219BA1A85CD8096FEAE0F90BFE036A63118FEDBF57 ] RasMan C:\WINDOWS\System32\rasmans.dll 18:28:49.0531 0x0b28 RasMan - ok 18:28:49.0593 0x0b28 [ 5BC962F2654137C9909C3D4603587DEE, A5CE5653D0105240F5E86CFAAB89E7917D42D939E2F27A5A7D6979289CA651B8 ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys 18:28:49.0796 0x0b28 RasPppoe - ok 18:28:49.0859 0x0b28 [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys 18:28:50.0062 0x0b28 Raspti - ok 18:28:50.0125 0x0b28 [ 7AD224AD1A1437FE28D89CF22B17780A, 
6645235CA27D671954E3557FA37082881C3D7D47492C71264CD8CB8D108EC801 ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys 18:28:50.0343 0x0b28 Rdbss - ok 18:28:50.0390 0x0b28 [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 18:28:50.0593 0x0b28 RDPCDD - ok 18:28:50.0671 0x0b28 [ 15CABD0F7C00C47C70124907916AF3F1, 66B5C978B7FB6359AD8BAC9F568FE9D469E358FEAB07B1F129BA9E85F1DF723E ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys 18:28:50.0890 0x0b28 rdpdr - ok 18:28:50.0968 0x0b28 [ 43AF5212BD8FB5BA6EED9754358BD8F7, AF330F61CECA4AFA359CEABC5EB3227E6B56A9A2DCE50701381D665122D7356D ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys 18:28:51.0015 0x0b28 RDPWD - ok 18:28:51.0078 0x0b28 [ 263AF18AF0F3DB99F574C95F284CCEC9, 2BFA9952E97EFEB386FC56EC2C125080CD12DAC078DBE43C395CB4D9F22165D3 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe 18:28:51.0296 0x0b28 RDSessMgr - ok 18:28:51.0343 0x0b28 [ ED761D453856F795A7FE056E42C36365, EF026585B33415D8FCE94A9F27D7A4396C7C35C88E06A4CF0FEA702401E8597A ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys 18:28:51.0546 0x0b28 redbook - ok 18:28:51.0625 0x0b28 [ 0E97EC96D6942CEEC2D188CC2EB69A01, D4253B4420BEF19451A55AB91E4834482181A31A31134F6E2AFE05C8E20C81A5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll 18:28:51.0843 0x0b28 RemoteAccess - ok 18:28:51.0890 0x0b28 [ E4CD1F3D84E1C2CA0B8CF7501E201593, 649CC0B04F94D407EB6B4C7FDE2C6E4D2B1531307BC67C5775E44D66EF2E4F8A ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll 18:28:52.0109 0x0b28 RemoteRegistry - ok 18:28:52.0187 0x0b28 [ 851C30DF2807FCFA21E4C681A7D6440E, C2269B8ED4E831664B83F8F3BE33E5A340206A9E07F89CDF6707EAD8F280FBE9 ] RFCOMM C:\WINDOWS\system32\DRIVERS\rfcomm.sys 18:28:52.0390 0x0b28 RFCOMM - ok 18:28:52.0406 0x0b28 [ 2A02E21867497DF20B8FC95631395169, D89E2D17ED4E1C727847C0E92D2DF68AEB70BF0B956BD2FE024ED70A961759D2 ] RpcLocator C:\WINDOWS\system32\locator.exe 18:28:52.0625 0x0b28 RpcLocator - ok 18:28:52.0703 0x0b28 
[ 3127AFBF2C1ED0AB14A1BBB7AAECB85B, ECFBACE3CBF2384948EA1C445BDA3955EB4F44A9874286E6537C67DC1283E5B0 ] RpcSs C:\WINDOWS\system32\rpcss.dll 18:28:52.0765 0x0b28 RpcSs - ok 18:28:52.0812 0x0b28 [ 4BDD71B4B521521499DFD14735C4F398, 7B1498D3C67E56D05B58B7DA319ECB0117C37963AABB0E59B42831C087469DA1 ] RSVP C:\WINDOWS\system32\rsvp.exe 18:28:53.0031 0x0b28 RSVP - ok 18:28:53.0078 0x0b28 [ AFB8261B56CBA0D86AEB6DF682AF9785, 104D96F1F19DD4CE492064ACC9634406A019EAE20B42D03198E400E661897127 ] SamSs C:\WINDOWS\system32\lsass.exe 18:28:53.0281 0x0b28 SamSs - ok 18:28:53.0359 0x0b28 [ DCEC079FAD95D36C8DD5CB6D779DFE32, F8546552D939A225853A0CE4913701A93738DF02C999D16E141E9A828814BBC6 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe 18:28:53.0593 0x0b28 SCardSvr - ok 18:28:53.0640 0x0b28 [ A050194A44D7FA8D7186ED2F4E8367AE, BCDF56D5A2F9E202DC67E7FE4BCC617BCC0BDFF2D221A621020068B17B2855BB ] Schedule C:\WINDOWS\system32\schedsvc.dll 18:28:53.0859 0x0b28 Schedule - ok 18:28:53.0937 0x0b28 [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys 18:28:54.0140 0x0b28 Secdrv - ok 18:28:54.0203 0x0b28 [ BEE4CFD1D48C23B44CF4B974B0B79B2B, DF3B02D713F8A4602BE75F004074D5DF79AFF2D58FF37110B2A6AC29F680758B ] seclogon C:\WINDOWS\System32\seclogon.dll 18:28:54.0421 0x0b28 seclogon - ok 18:28:54.0500 0x0b28 [ 2AAC9B6ED9EDDFFB721D6452E34D67E3, 95D83F054A6610328D56E56CD948A6618C590231853E56FC20E7557DB61384A4 ] SENS C:\WINDOWS\system32\sens.dll 18:28:54.0687 0x0b28 SENS - ok 18:28:54.0765 0x0b28 [ CF24EB4F0412C82BCD1F4F35A025E31D, B74CB094126F5C23F601C34D53B2DF5BE3E5918230AC9DCFCFFA8E66B3A0FA25 ] Serial C:\WINDOWS\system32\drivers\Serial.sys 18:28:54.0984 0x0b28 Serial - ok 18:28:55.0046 0x0b28 [ 8E6B8C671615D126FDC553D1E2DE5562, CEEC0067514555D5CA489F50E3D7562FCA8DB8E952C3C878604C9277FC77959F ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys 18:28:55.0250 0x0b28 Sfloppy - ok 18:28:55.0343 0x0b28 [ 
CAD058D5F8B889A87CA3EB3CF624DCEF, A7CDCF44261D1F4D820927253EA8EBB63714B7BAFF8B08DE073507D9A7EEA5BB ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll 18:28:55.0640 0x0b28 SharedAccess - ok 18:28:55.0718 0x0b28 [ 2DB7D303C36DDD055215052F118E8E75, BE6E7BBE12A7A4EDF1F1C2935350603970C7426BBCA7A1A6644BB8999123AF17 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll 18:28:55.0750 0x0b28 ShellHWDetection - ok 18:28:55.0765 0x0b28 Simbad - ok 18:28:55.0796 0x0b28 [ 866D538EBE33709A5C9F5C62B73B7D14, BC94BEB7C17B4FCAC8B5D0D5006A203BC209E0504EECE149651D8691935696CD ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys 18:28:56.0046 0x0b28 SLIP - ok 18:28:56.0062 0x0b28 Sparrow - ok 18:28:56.0125 0x0b28 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F, DD17733CBB370FCA08F0296704D7CBEACA3C8F76D0ABE4761C3B1FFDF7481D9E ] splitter C:\WINDOWS\system32\drivers\splitter.sys 18:28:56.0375 0x0b28 splitter - ok 18:28:56.0437 0x0b28 [ 60784F891563FB1B767F70117FC2428F, E0B07F08E60FFBAD36C2E58180F4B2A16DCA47716044CBE0213DF7B74D742F1F ] Spooler C:\WINDOWS\system32\spoolsv.exe 18:28:56.0468 0x0b28 Spooler - ok 18:28:56.0515 0x0b28 [ 50FA898F8C032796D3B1B9951BB5A90F, 1C86273EC19EB96D6DB9CE6670C00683B77C99C42CC2F7E75BC50872B93446B1 ] sr C:\WINDOWS\system32\DRIVERS\sr.sys 18:28:56.0750 0x0b28 sr - ok 18:28:56.0828 0x0b28 [ FE77A85495065F3AD59C5C65B6C54182, EB4BAF992F961B2FD5D24BFCB6BCB2142BC32933139A818835FEAB190E4283BB ] srservice C:\WINDOWS\system32\srsvc.dll 18:28:57.0093 0x0b28 srservice - ok 18:28:57.0187 0x0b28 [ 47DDFC2F003F7F9F0592C6874962A2E7, 17C643BD4EB09B5666FE41817DC785BE04A6E491CE79E8E5A702CDBD98E1BDD7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys 18:28:57.0250 0x0b28 Srv - ok 18:28:57.0296 0x0b28 [ 4DF5B05DFAEC29E13E1ED6F6EE12C500, 2971D7D45D6942D310D47DBD19B9680D2D29527E79B86133C72217FD29259465 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll 18:28:57.0546 0x0b28 SSDPSRV - ok 18:28:57.0625 0x0b28 [ 424566865D82AA4BD8D6546C1F2065FA, 37B4C04C7C0EE0F3347A9E9F35B095478299F7324CA87AAE487BF989B0E6AE03 ] ssmdrv 
C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 18:28:57.0656 0x0b28 ssmdrv - ok 18:28:57.0734 0x0b28 [ BC2C5985611C5356B24AEB370953DED9, 15CBAB8166827DC098E2B16AB6F49A1441A4CB52AF3588F0AD964CAB596DFE10 ] stisvc C:\WINDOWS\system32\wiaservc.dll 18:28:58.0015 0x0b28 stisvc - ok 18:28:58.0078 0x0b28 [ 77813007BA6265C4B6098187E6ED79D2, 93939120E803C46FBFD577C8FC2E6C7E71C0460E01D25CB29579490640AB50C7 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys 18:28:58.0343 0x0b28 streamip - ok 18:28:58.0406 0x0b28 [ 3941D127AEF12E93ADDF6FE6EE027E0F, EA1F0E32E1C5E90FA4AAC421DEBBE086512340758D3217A6334E886BCE638B51 ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys 18:28:58.0640 0x0b28 swenum - ok 18:28:58.0718 0x0b28 [ 8CE882BCC6CF8A62F2B2323D95CB3D01, B408550A581F3DA222355964AFA4E976AD8471F0AA37573C42C4948AE5A23A3B ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys 18:28:58.0953 0x0b28 swmidi - ok 18:28:58.0968 0x0b28 SwPrv - ok 18:28:58.0984 0x0b28 symc810 - ok 18:28:59.0000 0x0b28 symc8xx - ok 18:28:59.0000 0x0b28 sym_hi - ok 18:28:59.0015 0x0b28 sym_u3 - ok 18:28:59.0046 0x0b28 [ 8B83F3ED0F1688B4958F77CD6D2BF290, 546D3602183702B4F53E84413CFA2C933D64C8540378E54A8DCD148F3F36A2DA ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys 18:28:59.0250 0x0b28 sysaudio - ok 18:28:59.0328 0x0b28 [ 2903FFFA2523926D6219428040DCE6B9, 4F13181931B0499F6C3F08138054DBCD1F84CB9806999A9172B80DE79D446F62 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe 18:28:59.0546 0x0b28 SysmonLog - ok 18:28:59.0625 0x0b28 [ 05903CAC4B98908D55EA5774775B382E, AC3666CBD894D737874A5998DC7F46A0A51A7B23B1835FC735B9AD503A2191CC ] TapiSrv C:\WINDOWS\System32\tapisrv.dll 18:28:59.0859 0x0b28 TapiSrv - ok 18:28:59.0968 0x0b28 [ 9AEFA14BD6B182D61E3119FA5F436D3D, EA29E49434585409272E7901AF89771FE9D6E911A7DC44AB3C7020CFF8A44552 ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys 18:29:00.0031 0x0b28 Tcpip - ok 18:29:00.0062 0x0b28 [ 6471A66807F5E104E4885F5B67349397, F35CBFFB8BB235CCE30EF94A5273333900DD49FD506BF9D55D99A320B8A53A5A ] TDPIPE 
C:\WINDOWS\system32\drivers\TDPIPE.sys 18:29:00.0312 0x0b28 TDPIPE - ok 18:29:00.0359 0x0b28 [ C56B6D0402371CF3700EB322EF3AAF61, 7743FA4C734BCE38EFB1CA69BC17364D8421E2CD172F856F7E38E7AE1EE93F2F ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys 18:29:00.0609 0x0b28 TDTCP - ok 18:29:00.0656 0x0b28 [ 88155247177638048422893737429D9E, B6D4E8691917946332C2208D01F8C8281978C1AD1E9951C5D99DF0D49AC34B3B ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys 18:29:00.0875 0x0b28 TermDD - ok 18:29:00.0953 0x0b28 [ B7DE02C863D8F5A005A7BF375375A6A4, 6DE05A7B28CA5A78D58536347FC47F15883EEDBEF487CEA0117CC280FC582DCC ] TermService C:\WINDOWS\System32\termsrv.dll 18:29:01.0187 0x0b28 TermService - ok 18:29:01.0250 0x0b28 [ 2DB7D303C36DDD055215052F118E8E75, BE6E7BBE12A7A4EDF1F1C2935350603970C7426BBCA7A1A6644BB8999123AF17 ] Themes C:\WINDOWS\System32\shsvcs.dll 18:29:01.0281 0x0b28 Themes - ok 18:29:01.0328 0x0b28 [ 03681A1CE77F51586903869A5AB1DEAB, E2EC0A481412166B654682C2F3D953E96E757466135CBD2D813B967EDB13C721 ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe 18:29:01.0531 0x0b28 TlntSvr - ok 18:29:01.0546 0x0b28 TosIde - ok 18:29:01.0625 0x0b28 [ 626504572B175867F30F3215C04B3E2F, 47E87CE9BC666D5CB5953C5D497DC00A7CC28F8EC0A064B3E47700279C5C4B91 ] TrkWks C:\WINDOWS\system32\trkwks.dll 18:29:01.0828 0x0b28 TrkWks - ok 18:29:01.0906 0x0b28 [ 5787B80C2E3C5E2F56C2A233D91FA2C9, 3774905CF77954DFCECDA5BCC7CDE3D0ED72712BFAAD85ADAE5246306447E46C ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys 18:29:02.0125 0x0b28 Udfs - ok 18:29:02.0140 0x0b28 ultra - ok 18:29:02.0203 0x0b28 [ 1977313E362C8732C1AF4D1BCB9C06B7, C87AD4D2ECBA736C2B2FA55983C543FF5EB19BBBDF689462884CD7819217458F ] UMWdf C:\WINDOWS\system32\wdfmgr.exe 18:29:02.0218 0x0b28 UMWdf - detected UnsignedFile.Multi.Generic ( 1 ) 18:29:04.0843 0x0b28 Detect skipped due to KSN trusted 18:29:04.0843 0x0b28 UMWdf - ok 18:29:04.0953 0x0b28 [ 402DDC88356B1BAC0EE3DD1580C76A31, 32A686595710336A6BFD54C03F552AE39439611662F84EF5D24193AE5665C6F3 ] Update 
C:\WINDOWS\system32\DRIVERS\update.sys 18:29:05.0312 0x0b28 Update - ok 18:29:05.0406 0x0b28 [ 1DFD8975D8C89214B98D9387C1125B49, 0B6B268487C8E45E9B86BF4A0A9DB669E0E45D600DE3C82B63F9986CA9E01082 ] upnphost C:\WINDOWS\System32\upnphost.dll 18:29:05.0609 0x0b28 upnphost - ok 18:29:05.0671 0x0b28 [ 9B11E6118958E63E1FEF129466E2BDA7, 97168BCE3F4A9BB9E6500F05E34851FB957B219C598944FADC28AC0011C0503B ] UPS C:\WINDOWS\System32\ups.exe 18:29:05.0875 0x0b28 UPS - ok 18:29:05.0953 0x0b28 [ 65898A183FBF1D1F7759D5CCB364DCD4, 85E823123FDB4CA5F8255064E22A444627999055EC3419DFD001371893F36AB9 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys 18:29:05.0984 0x0b28 usbaudio - ok 18:29:06.0031 0x0b28 [ 1B611611C28D2DF25BC057D79C6F13FC, B0D86F63E44B40413BBAE6402CC088046CFAE082D41BBC2ED5A916293356B846 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys 18:29:06.0062 0x0b28 usbccgp - ok 18:29:06.0093 0x0b28 [ 4BAC8DF07F1D8434FC640E677A62204E, 76C1351AF6752224BF59DEEE0F8665FE699F3DFD679F5BCD01C7D9383E6402A4 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys 18:29:06.0109 0x0b28 usbehci - ok 18:29:06.0140 0x0b28 [ 1AB3CDDE553B6E064D2E754EFE20285C, A99C4528C4227B1E96847614745AAFACD3C5F1BDFE435214DBF78740FFB300FE ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys 18:29:06.0359 0x0b28 usbhub - ok 18:29:06.0390 0x0b28 [ A32426D9B14A089EAA1D922E0C5801A9, ED1DC52EE45F8EAD3AEC4B1F817BB25634141CF48295494C5947DCE6CF7A9817 ] usbstor C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 18:29:06.0578 0x0b28 usbstor - ok 18:29:06.0640 0x0b28 [ 26496F9DEE2D787FC3E61AD54821FFE6, 8BE7FF647470B9A951CBB478FAF83D657A15CC78037F42348A6B738F21D523DA ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys 18:29:06.0828 0x0b28 usbuhci - ok 18:29:06.0890 0x0b28 [ 813236B1183CFCF289E367BD5DE6E29E, 167FE18A96F330AEEC1A4C419770C15EFEB536D43838285E51E7A62E95DF4674 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys 18:29:06.0921 0x0b28 usbvideo - ok 18:29:06.0953 0x0b28 [ 0D3A8FAFCEACD8B7625CD549757A7DF1, 
B9CFDEFCD66AA139F3DC2F967B184669532922563AD5A71769BABDC4370D065E ] VgaSave C:\WINDOWS\System32\drivers\vga.sys 18:29:07.0156 0x0b28 VgaSave - ok 18:29:07.0156 0x0b28 ViaIde - ok 18:29:07.0234 0x0b28 [ A5A712F4E880874A477AF790B5186E1D, FE885ED04C3EAFC379787F836738A2769E43D07CF52DD917D90C38E001957A5E ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys 18:29:07.0437 0x0b28 VolSnap - ok 18:29:07.0500 0x0b28 [ 68F106273BE29E7B7EF8266977268E78, 1488AB7A654EBC94C73E1D494067189ACB95BC233980110CAC4C0297CDC4115A ] VSS C:\WINDOWS\System32\vssvc.exe 18:29:07.0718 0x0b28 VSS - ok 18:29:07.0781 0x0b28 [ 7B353059E665F8B7AD2BBEAEF597CF45, 84A4311F18A4B8DCB364741DEA7D18E2363F19564B2EF25214965DC729527068 ] W32Time C:\WINDOWS\system32\w32time.dll 18:29:08.0000 0x0b28 W32Time - ok 18:29:08.0046 0x0b28 [ E20B95BAEDB550F32DD489265C1DA1F6, 5589B2067E6C9FBA290D8C5EADDC198EBAF39C50C3CD7D2BC5CDA7CBFBC445E5 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys 18:29:08.0265 0x0b28 Wanarp - ok 18:29:08.0359 0x0b28 [ BBCFEAB7E871CDDAC2D397EE7FA91FDC, 06FC132E0E256B9A4E4DDD05D3AF4D75E40C750ECCF94A76251B104C65CFFCDF ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys 18:29:08.0421 0x0b28 Wdf01000 - ok 18:29:08.0421 0x0b28 WDICA - ok 18:29:08.0453 0x0b28 [ 6768ACF64B18196494413695F0C3A00F, 3A8F8586F1D997D19A8478345338D2AECD785AEABDB61531DD3F92003D3230A5 ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys 18:29:08.0671 0x0b28 wdmaud - ok 18:29:08.0750 0x0b28 [ 81727C9873E3905A2FFC1EBD07265002, 6AC2383A1DCBB7FA3DB90FBB874C8E1819F5B7492717FF41E303EFC7BF72F93E ] WebClient C:\WINDOWS\System32\webclnt.dll 18:29:08.0953 0x0b28 WebClient - ok 18:29:09.0078 0x0b28 [ 6F3F3973D97714CC5F906A19FE883729, 7817118BE94D0F6FAE0F9CE48AD70FFE0AEF886CCE09C666768FAB61047F992F ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll 18:29:09.0296 0x0b28 winmgmt - ok 18:29:09.0406 0x0b28 [ 5FDCCC838CD95F61097D8A637F842AA8, 9EB9E7BEFFF061E1BABABB13C6C9194E835E53F2D550F5C666F5A4B2FAC2B6D5 ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll 
18:29:09.0406 0x0b28 WmdmPmSN - detected UnsignedFile.Multi.Generic ( 1 ) 18:29:11.0828 0x0b28 Detect skipped due to KSN trusted 18:29:11.0828 0x0b28 WmdmPmSN - ok 18:29:11.0968 0x0b28 [ FFA4D901D46D07A5BAB2D8307FBB51A6, 53C6D04D111EDF774C7F7EEB8D032B372E6244774D56B1B34CF1236027EC9450 ] Wmi C:\WINDOWS\System32\advapi32.dll 18:29:12.0109 0x0b28 Wmi - ok 18:29:12.0140 0x0b28 [ C42584FD66CE9E17403AEBCA199F7BDB, E3F2E1066F36AE5D33D4482239B2E556BE0C137923C9A120DFB36EC82F2E77B0 ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 18:29:12.0343 0x0b28 WmiAcpi - ok 18:29:12.0406 0x0b28 [ 93908111BA57A6E60EC2FA2DE202105C, F395F25F18D15C6B9FEDB45FD31E10295FFE5517E2BC86ACAC11904EA0664BE2 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe 18:29:12.0625 0x0b28 WmiApSrv - ok 18:29:12.0765 0x0b28 [ 15673BD0B86150CB8E27766059C72A9B, 56C23289A8BFF4945EE532CF6D62D3EC81B827CA15A359F30A327789F9FE9CAF ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 18:29:12.0859 0x0b28 WPFFontCache_v0400 - ok 18:29:12.0906 0x0b28 [ 300B3E84FAF1A5C1F791C159BA28035D, 0194856BDF94C1F274AF70AD558290ACDACDDEA331BD66FEB8E167ABD1E36786 ] wscsvc C:\WINDOWS\system32\wscsvc.dll 18:29:13.0125 0x0b28 wscsvc - ok 18:29:13.0187 0x0b28 [ C98B39829C2BBD34E454150633C62C78, 71B60EA3AD0E2637917D528C6A9E7ECF2949E3E5E91036AA5BBADA95BD725511 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 18:29:13.0390 0x0b28 WSTCODEC - ok 18:29:13.0421 0x0b28 [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085, A1DB8909FA73337DB613D01824945485186654364A4DF129B8CB913CF87D1D2E ] wuauserv C:\WINDOWS\system32\wuauserv.dll 18:29:13.0625 0x0b28 wuauserv - ok 18:29:13.0734 0x0b28 [ C4F109C005F6725162D2D12CA751E4A7, AC996B44338328BDD4442FE48406F286A64526F0EC77BE00A19FA7FDB0407CFE ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll 18:29:13.0984 0x0b28 WZCSVC - ok 18:29:14.0046 0x0b28 [ 0ADA34871A2E1CD2CAAFED1237A47750, 45BEF8649078BD74C1A347B5F2D3A1958E5A7DCD6C6BA8A2E0CAD277A929C64E ] xmlprov C:\WINDOWS\System32\xmlprov.dll 
18:29:14.0296 0x0b28 xmlprov - ok
18:29:14.0359 0x0b28 [ 09E5340BD9B2CB730BF4DC6BE7721291, 785DEFAE550CAB5BDFA15CF195A1DEF5AD188EFEAD2D8B1508972CF892BB75A9 ] xusb21 C:\WINDOWS\system32\DRIVERS\xusb21.sys
18:29:14.0390 0x0b28 xusb21 - ok
18:29:14.0406 0x0b28 ================ Scan global ===============================
18:29:14.0437 0x0b28 [ 2C60091CA5F67C3032EAB3B30390C27F, 9E205C8E67F4B61FCFA2A82AA1968D522C3B6410D7075BE813F7F1564D61632E ] C:\WINDOWS\system32\basesrv.dll
18:29:14.0609 0x0b28 [ E62178BC21EAC63A3B9A2DBD46C1B505, CAA5480CC4DAA37758F0CF445F865FD6F4630080B044EF2E606C2F62DAA4061A ] C:\WINDOWS\system32\winsrv.dll
18:29:14.0687 0x0b28 [ E62178BC21EAC63A3B9A2DBD46C1B505, CAA5480CC4DAA37758F0CF445F865FD6F4630080B044EF2E606C2F62DAA4061A ] C:\WINDOWS\system32\winsrv.dll
18:29:14.0812 0x0b28 [ A3EDBE9053889FB24AB22492472B39DC, 6F2ED6E04BDE2FCA2A8BF9BD2D1D6923DE6EAECB46F582B6C0BD1CF364D65C9E ] C:\WINDOWS\system32\services.exe
18:29:14.0828 0x0b28 [ Global ] - ok
18:29:14.0828 0x0b28 ================ Scan MBR ==================================
18:29:14.0843 0x0b28 [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0
18:29:15.0062 0x0b28 \Device\Harddisk0\DR0 - detected TDSS File System ( 1 )
18:29:15.0062 0x0b28 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
18:29:17.0453 0x0b28 ================ Scan VBR ==================================
18:29:17.0468 0x0b28 [ 61832E024DE1742A9A6FEAB7F4168BC8 ] \Device\Harddisk0\DR0\Partition1
18:29:17.0468 0x0b28 \Device\Harddisk0\DR0\Partition1 - ok
18:29:17.0468 0x0b28 ================ Scan generic autorun ======================
18:29:18.0984 0x0b28 [ 496974CF715C9129D38539A4972E01E4, 00B682BDF37D33391C387F2B84F2688083860A511405B9492196DD6C85C7646C ] C:\WINDOWS\RTHDCPL.EXE
18:29:20.0593 0x0b28 RTHDCPL - ok
18:29:20.0656 0x0b28 BluetoothAuthenticationAgent - ok
18:29:20.0750 0x0b28 [ A6ABD4AF02AB03676DEA55F383ABC7C2, 62F838618C78A297D970EC58F97F2D843EBFEF2D81754D658664BEEED79BFB50 ] C:\Programme\Avira\AntiVir Desktop\avgnt.exe
18:29:20.0812 0x0b28 avgnt - ok
18:29:20.0843 0x0b28 [ F38092DE1D6A8CBB11B6B6D0F07E268E, 12D5AA6A51F0807A6DCAED51EB9E35EF8D34CD9C31B628B6EA38421415377BEE ] C:\WINDOWS\system32\igfxtray.exe
18:29:20.0890 0x0b28 IgfxTray - ok
18:29:20.0921 0x0b28 [ E44733C30F7FE6A1CE7A6B1D2B335CFC, 1638A7C3426504B090E45E0984F52EA9F8C713EC20509F328FC758C4A271C503 ] C:\WINDOWS\system32\hkcmd.exe
18:29:20.0968 0x0b28 HotKeysCmds - ok
18:29:20.0984 0x0b28 [ 2022C54B3A79A51C9538CE47D1F50BC3, AF3E60CAD38C2FEB6CD1BCFC3546C0D03ABA45E6ADF366E8F44659705F7EF0BA ] C:\WINDOWS\system32\igfxpers.exe
18:29:21.0031 0x0b28 Persistence - ok
18:29:21.0046 0x0b28 KernelFaultCheck - ok
18:29:21.0125 0x0b28 [ C4AA81EA4434C2C14B6648AD7CD8294E, 6D1502770912BD50B310BD068A43188E4CF2C674631BB7A20EAF2E0CFA9C870A ] c:\Programme\Microsoft Xbox 360 Accessories\XboxStat.exe
18:29:21.0203 0x0b28 XboxStat - ok
18:29:21.0218 0x0b28 [ 01B4E6E990B6C5EA8856D96C7FD044B2, 2266296FD3C8E0DFA657F21406EE4E494477870DFAF7C65BEBCB6FBA8CADC7C6 ] C:\WINDOWS\system32\CTFMON.EXE
18:29:21.0437 0x0b28 CTFMON.EXE - ok
18:29:21.0468 0x0b28 [ 01B4E6E990B6C5EA8856D96C7FD044B2, 2266296FD3C8E0DFA657F21406EE4E494477870DFAF7C65BEBCB6FBA8CADC7C6 ] C:\WINDOWS\system32\CTFMON.EXE
18:29:21.0671 0x0b28 CTFMON.EXE - ok
18:29:21.0734 0x0b28 [ 01B4E6E990B6C5EA8856D96C7FD044B2, 2266296FD3C8E0DFA657F21406EE4E494477870DFAF7C65BEBCB6FBA8CADC7C6 ] C:\WINDOWS\system32\CTFMON.EXE
18:29:21.0921 0x0b28 CTFMON.EXE - ok
18:29:21.0968 0x0b28 [ 01B4E6E990B6C5EA8856D96C7FD044B2, 2266296FD3C8E0DFA657F21406EE4E494477870DFAF7C65BEBCB6FBA8CADC7C6 ] C:\WINDOWS\system32\ctfmon.exe
18:29:22.0156 0x0b28 CTFMON.EXE - ok
18:29:22.0484 0x0b28 [ 6CB0A7EFED5A8B3AAF82D8FF1BF6CB72, 5E306C3145120F14EA407AB431513FA0F6DBFB8B7B2AEE443E1BEC4BD9393F77 ] C:\Programme\DAEMON Tools Lite\DTAgent.exe
18:29:22.0812 0x0b28 DAEMON Tools Lite Automount - ok
18:29:22.0890 0x0b28 Akamai NetSession Interface - ok
18:29:22.0890 0x0b28 Waiting for KSN requests completion. In queue: 11
18:29:23.0890 0x0b28 Waiting for KSN requests completion. In queue: 11
18:29:24.0890 0x0b28 Waiting for KSN requests completion. In queue: 11
18:29:25.0984 0x0b28 AV detected via SS1: Avira Antivirus, 15.0.11.572, enabled, updated
18:29:26.0000 0x0b28 Win FW state via NFM: enabled
18:29:28.0390 0x0b28 ============================================================
18:29:28.0390 0x0b28 Scan finished
18:29:28.0390 0x0b28 ============================================================
18:29:28.0437 0x0fa0 Detected object count: 1
18:29:28.0437 0x0fa0 Actual detected object count: 1
18:37:45.0687 0x0fa0 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
18:37:45.0687 0x0fa0 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
18:38:19.0734 0x01bc Deinitialize success
Code:
ATTFilter
Sorry, I thought the problem and the log files were posted separately. Here is the log file from TDSSKiller with the first finding. The second scan also found 2 things. I assume it is a backdoor trojan that was deliberately smuggled onto the system. Here are the files:
18:27:51.0453 0x063c TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
18:27:54.0421 0x063c ============================================================
18:27:54.0421 0x063c Current date / time: 2015/06/16 18:27:54.0421
18:27:54.0421 0x063c SystemInfo:
18:27:54.0421 0x063c
18:27:54.0421 0x063c OS Version: 5.1.2600 ServicePack: 3.0
18:27:54.0421 0x063c Product type: Workstation
18:27:54.0437 0x063c ComputerName: ASPIRE
18:27:54.0437 0x063c UserName: Administrator
18:27:54.0437 0x063c Windows directory: C:\WINDOWS
18:27:54.0437 0x063c System windows directory: C:\WINDOWS
18:27:54.0437 0x063c Processor architecture: Intel x86
18:27:54.0437 0x063c Number of processors: 2
18:27:54.0437 0x063c Page size: 0x1000
18:27:54.0437 0x063c Boot type: Normal boot
18:27:54.0437 0x063c ============================================================
18:27:57.0718 0x063c KLMD registered as C:\WINDOWS\system32\drivers\66617678.sys
18:27:57.0875 0x063c System UUID: {27CBF010-E887-F38E-70A1-AB45267BF284}
18:27:58.0734 0x063c Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 ( 111.79 Gb ), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
18:27:58.0750 0x063c ============================================================
18:27:58.0750 0x063c \Device\Harddisk0\DR0:
18:27:58.0750 0x063c MBR partitions:
18:27:58.0750 0x063c \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x639D9A7
18:27:58.0750 0x063c ============================================================
18:27:58.0765 0x063c C: <-> \Device\Harddisk0\DR0\Partition1
18:27:58.0765 0x063c ============================================================
18:27:58.0765 0x063c
Initialize success
18:27:58.0765 0x063c ============================================================
18:28:05.0109 0x0b28 ============================================================
18:28:05.0109 0x0b28 Scan started
18:28:05.0109 0x0b28 Mode: Manual; SigCheck; TDLFS;
18:28:05.0109 0x0b28 ============================================================
18:28:05.0109 0x0b28 KSN ping started
18:28:07.0625 0x0b28 KSN ping finished: true
18:28:08.0421 0x0b28 ================ Scan system memory ========================
18:28:08.0421 0x0b28 System memory - ok
18:28:08.0421 0x0b28 ================ Scan services =============================
18:28:50.0125 0x0b28 [ 7AD224AD1A1437FE28D89CF22B17780A, 6645235CA27D671954E3557FA37082881C3D7D47492C71264CD8CB8D108EC801 ] Rdbss
C:\WINDOWS\system32\DRIVERS\rdbss.sys 18:28:50.0343 0x0b28 Rdbss - ok 18:28:50.0390 0x0b28 [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 18:28:50.0593 0x0b28 RDPCDD - ok 18:28:50.0671 0x0b28 [ 15CABD0F7C00C47C70124907916AF3F1, 66B5C978B7FB6359AD8BAC9F568FE9D469E358FEAB07B1F129BA9E85F1DF723E ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys 18:28:50.0890 0x0b28 rdpdr - ok 18:28:50.0968 0x0b28 [ 43AF5212BD8FB5BA6EED9754358BD8F7, AF330F61CECA4AFA359CEABC5EB3227E6B56A9A2DCE50701381D665122D7356D ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys 18:28:51.0015 0x0b28 RDPWD - ok 18:28:51.0078 0x0b28 [ 263AF18AF0F3DB99F574C95F284CCEC9, 2BFA9952E97EFEB386FC56EC2C125080CD12DAC078DBE43C395CB4D9F22165D3 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe 18:28:51.0296 0x0b28 RDSessMgr - ok 18:28:51.0343 0x0b28 [ ED761D453856F795A7FE056E42C36365, EF026585B33415D8FCE94A9F27D7A4396C7C35C88E06A4CF0FEA702401E8597A ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys 18:28:51.0546 0x0b28 redbook - ok 18:28:51.0625 0x0b28 [ 0E97EC96D6942CEEC2D188CC2EB69A01, D4253B4420BEF19451A55AB91E4834482181A31A31134F6E2AFE05C8E20C81A5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll 18:28:51.0843 0x0b28 RemoteAccess - ok 18:28:51.0890 0x0b28 [ E4CD1F3D84E1C2CA0B8CF7501E201593, 649CC0B04F94D407EB6B4C7FDE2C6E4D2B1531307BC67C5775E44D66EF2E4F8A ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll 18:28:52.0109 0x0b28 RemoteRegistry - ok 18:28:52.0187 0x0b28 [ 851C30DF2807FCFA21E4C681A7D6440E, C2269B8ED4E831664B83F8F3BE33E5A340206A9E07F89CDF6707EAD8F280FBE9 ] RFCOMM C:\WINDOWS\system32\DRIVERS\rfcomm.sys 18:28:52.0390 0x0b28 RFCOMM - ok 18:28:52.0406 0x0b28 [ 2A02E21867497DF20B8FC95631395169, D89E2D17ED4E1C727847C0E92D2DF68AEB70BF0B956BD2FE024ED70A961759D2 ] RpcLocator C:\WINDOWS\system32\locator.exe 18:28:52.0625 0x0b28 RpcLocator - ok 18:28:52.0703 0x0b28 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B, 
ECFBACE3CBF2384948EA1C445BDA3955EB4F44A9874286E6537C67DC1283E5B0 ] RpcSs C:\WINDOWS\system32\rpcss.dll 18:28:52.0765 0x0b28 RpcSs - ok 18:28:52.0812 0x0b28 [ 4BDD71B4B521521499DFD14735C4F398, 7B1498D3C67E56D05B58B7DA319ECB0117C37963AABB0E59B42831C087469DA1 ] RSVP C:\WINDOWS\system32\rsvp.exe 18:28:53.0031 0x0b28 RSVP - ok 18:28:53.0078 0x0b28 [ AFB8261B56CBA0D86AEB6DF682AF9785, 104D96F1F19DD4CE492064ACC9634406A019EAE20B42D03198E400E661897127 ] SamSs C:\WINDOWS\system32\lsass.exe 18:28:53.0281 0x0b28 SamSs - ok 18:28:53.0359 0x0b28 [ DCEC079FAD95D36C8DD5CB6D779DFE32, F8546552D939A225853A0CE4913701A93738DF02C999D16E141E9A828814BBC6 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe 18:28:53.0593 0x0b28 SCardSvr - ok 18:28:53.0640 0x0b28 [ A050194A44D7FA8D7186ED2F4E8367AE, BCDF56D5A2F9E202DC67E7FE4BCC617BCC0BDFF2D221A621020068B17B2855BB ] Schedule C:\WINDOWS\system32\schedsvc.dll 18:28:53.0859 0x0b28 Schedule - ok 18:28:53.0937 0x0b28 [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys 18:28:54.0140 0x0b28 Secdrv - ok 18:28:54.0203 0x0b28 [ BEE4CFD1D48C23B44CF4B974B0B79B2B, DF3B02D713F8A4602BE75F004074D5DF79AFF2D58FF37110B2A6AC29F680758B ] seclogon C:\WINDOWS\System32\seclogon.dll 18:28:54.0421 0x0b28 seclogon - ok 18:28:54.0500 0x0b28 [ 2AAC9B6ED9EDDFFB721D6452E34D67E3, 95D83F054A6610328D56E56CD948A6618C590231853E56FC20E7557DB61384A4 ] SENS C:\WINDOWS\system32\sens.dll 18:28:54.0687 0x0b28 SENS - ok 18:28:54.0765 0x0b28 [ CF24EB4F0412C82BCD1F4F35A025E31D, B74CB094126F5C23F601C34D53B2DF5BE3E5918230AC9DCFCFFA8E66B3A0FA25 ] Serial C:\WINDOWS\system32\drivers\Serial.sys 18:28:54.0984 0x0b28 Serial - ok 18:28:55.0046 0x0b28 [ 8E6B8C671615D126FDC553D1E2DE5562, CEEC0067514555D5CA489F50E3D7562FCA8DB8E952C3C878604C9277FC77959F ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys 18:28:55.0250 0x0b28 Sfloppy - ok 18:28:55.0343 0x0b28 [ CAD058D5F8B889A87CA3EB3CF624DCEF, 
A7CDCF44261D1F4D820927253EA8EBB63714B7BAFF8B08DE073507D9A7EEA5BB ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll 18:28:55.0640 0x0b28 SharedAccess - ok 18:28:55.0718 0x0b28 [ 2DB7D303C36DDD055215052F118E8E75, BE6E7BBE12A7A4EDF1F1C2935350603970C7426BBCA7A1A6644BB8999123AF17 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll 18:28:55.0750 0x0b28 ShellHWDetection - ok 18:28:55.0765 0x0b28 Simbad - ok 18:28:55.0796 0x0b28 [ 866D538EBE33709A5C9F5C62B73B7D14, BC94BEB7C17B4FCAC8B5D0D5006A203BC209E0504EECE149651D8691935696CD ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys 18:28:56.0046 0x0b28 SLIP - ok 18:28:56.0062 0x0b28 Sparrow - ok 18:28:56.0125 0x0b28 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F, DD17733CBB370FCA08F0296704D7CBEACA3C8F76D0ABE4761C3B1FFDF7481D9E ] splitter C:\WINDOWS\system32\drivers\splitter.sys 18:28:56.0375 0x0b28 splitter - ok 18:28:56.0437 0x0b28 [ 60784F891563FB1B767F70117FC2428F, E0B07F08E60FFBAD36C2E58180F4B2A16DCA47716044CBE0213DF7B74D742F1F ] Spooler C:\WINDOWS\system32\spoolsv.exe 18:28:56.0468 0x0b28 Spooler - ok 18:28:56.0515 0x0b28 [ 50FA898F8C032796D3B1B9951BB5A90F, 1C86273EC19EB96D6DB9CE6670C00683B77C99C42CC2F7E75BC50872B93446B1 ] sr C:\WINDOWS\system32\DRIVERS\sr.sys 18:28:56.0750 0x0b28 sr - ok 18:28:56.0828 0x0b28 [ FE77A85495065F3AD59C5C65B6C54182, EB4BAF992F961B2FD5D24BFCB6BCB2142BC32933139A818835FEAB190E4283BB ] srservice C:\WINDOWS\system32\srsvc.dll 18:28:57.0093 0x0b28 srservice - ok 18:28:57.0187 0x0b28 [ 47DDFC2F003F7F9F0592C6874962A2E7, 17C643BD4EB09B5666FE41817DC785BE04A6E491CE79E8E5A702CDBD98E1BDD7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys 18:28:57.0250 0x0b28 Srv - ok 18:28:57.0296 0x0b28 [ 4DF5B05DFAEC29E13E1ED6F6EE12C500, 2971D7D45D6942D310D47DBD19B9680D2D29527E79B86133C72217FD29259465 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll 18:28:57.0546 0x0b28 SSDPSRV - ok 18:28:57.0625 0x0b28 [ 424566865D82AA4BD8D6546C1F2065FA, 37B4C04C7C0EE0F3347A9E9F35B095478299F7324CA87AAE487BF989B0E6AE03 ] ssmdrv C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 
18:28:57.0656 0x0b28 ssmdrv - ok 18:28:57.0734 0x0b28 [ BC2C5985611C5356B24AEB370953DED9, 15CBAB8166827DC098E2B16AB6F49A1441A4CB52AF3588F0AD964CAB596DFE10 ] stisvc C:\WINDOWS\system32\wiaservc.dll 18:28:58.0015 0x0b28 stisvc - ok 18:28:58.0078 0x0b28 [ 77813007BA6265C4B6098187E6ED79D2, 93939120E803C46FBFD577C8FC2E6C7E71C0460E01D25CB29579490640AB50C7 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys 18:28:58.0343 0x0b28 streamip - ok 18:28:58.0406 0x0b28 [ 3941D127AEF12E93ADDF6FE6EE027E0F, EA1F0E32E1C5E90FA4AAC421DEBBE086512340758D3217A6334E886BCE638B51 ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys 18:28:58.0640 0x0b28 swenum - ok 18:28:58.0718 0x0b28 [ 8CE882BCC6CF8A62F2B2323D95CB3D01, B408550A581F3DA222355964AFA4E976AD8471F0AA37573C42C4948AE5A23A3B ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys 18:28:58.0953 0x0b28 swmidi - ok 18:28:58.0968 0x0b28 SwPrv - ok 18:28:58.0984 0x0b28 symc810 - ok 18:28:59.0000 0x0b28 symc8xx - ok 18:28:59.0000 0x0b28 sym_hi - ok 18:28:59.0015 0x0b28 sym_u3 - ok 18:28:59.0046 0x0b28 [ 8B83F3ED0F1688B4958F77CD6D2BF290, 546D3602183702B4F53E84413CFA2C933D64C8540378E54A8DCD148F3F36A2DA ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys 18:28:59.0250 0x0b28 sysaudio - ok 18:28:59.0328 0x0b28 [ 2903FFFA2523926D6219428040DCE6B9, 4F13181931B0499F6C3F08138054DBCD1F84CB9806999A9172B80DE79D446F62 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe 18:28:59.0546 0x0b28 SysmonLog - ok 18:28:59.0625 0x0b28 [ 05903CAC4B98908D55EA5774775B382E, AC3666CBD894D737874A5998DC7F46A0A51A7B23B1835FC735B9AD503A2191CC ] TapiSrv C:\WINDOWS\System32\tapisrv.dll 18:28:59.0859 0x0b28 TapiSrv - ok 18:28:59.0968 0x0b28 [ 9AEFA14BD6B182D61E3119FA5F436D3D, EA29E49434585409272E7901AF89771FE9D6E911A7DC44AB3C7020CFF8A44552 ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys 18:29:00.0031 0x0b28 Tcpip - ok 18:29:00.0062 0x0b28 [ 6471A66807F5E104E4885F5B67349397, F35CBFFB8BB235CCE30EF94A5273333900DD49FD506BF9D55D99A320B8A53A5A ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys 
18:29:00.0312 0x0b28 TDPIPE - ok 18:29:00.0359 0x0b28 [ C56B6D0402371CF3700EB322EF3AAF61, 7743FA4C734BCE38EFB1CA69BC17364D8421E2CD172F856F7E38E7AE1EE93F2F ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys 18:29:00.0609 0x0b28 TDTCP - ok 18:29:00.0656 0x0b28 [ 88155247177638048422893737429D9E, B6D4E8691917946332C2208D01F8C8281978C1AD1E9951C5D99DF0D49AC34B3B ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys 18:29:00.0875 0x0b28 TermDD - ok 18:29:00.0953 0x0b28 [ B7DE02C863D8F5A005A7BF375375A6A4, 6DE05A7B28CA5A78D58536347FC47F15883EEDBEF487CEA0117CC280FC582DCC ] TermService C:\WINDOWS\System32\termsrv.dll 18:29:01.0187 0x0b28 TermService - ok 18:29:01.0250 0x0b28 [ 2DB7D303C36DDD055215052F118E8E75, BE6E7BBE12A7A4EDF1F1C2935350603970C7426BBCA7A1A6644BB8999123AF17 ] Themes C:\WINDOWS\System32\shsvcs.dll 18:29:01.0281 0x0b28 Themes - ok 18:29:01.0328 0x0b28 [ 03681A1CE77F51586903869A5AB1DEAB, E2EC0A481412166B654682C2F3D953E96E757466135CBD2D813B967EDB13C721 ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe 18:29:01.0531 0x0b28 TlntSvr - ok 18:29:01.0546 0x0b28 TosIde - ok 18:29:01.0625 0x0b28 [ 626504572B175867F30F3215C04B3E2F, 47E87CE9BC666D5CB5953C5D497DC00A7CC28F8EC0A064B3E47700279C5C4B91 ] TrkWks C:\WINDOWS\system32\trkwks.dll 18:29:01.0828 0x0b28 TrkWks - ok 18:29:01.0906 0x0b28 [ 5787B80C2E3C5E2F56C2A233D91FA2C9, 3774905CF77954DFCECDA5BCC7CDE3D0ED72712BFAAD85ADAE5246306447E46C ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys 18:29:02.0125 0x0b28 Udfs - ok 18:29:02.0140 0x0b28 ultra - ok 18:29:02.0203 0x0b28 [ 1977313E362C8732C1AF4D1BCB9C06B7, C87AD4D2ECBA736C2B2FA55983C543FF5EB19BBBDF689462884CD7819217458F ] UMWdf C:\WINDOWS\system32\wdfmgr.exe 18:29:02.0218 0x0b28 UMWdf - detected UnsignedFile.Multi.Generic ( 1 ) 18:29:04.0843 0x0b28 Detect skipped due to KSN trusted 18:29:04.0843 0x0b28 UMWdf - ok 18:29:04.0953 0x0b28 [ 402DDC88356B1BAC0EE3DD1580C76A31, 32A686595710336A6BFD54C03F552AE39439611662F84EF5D24193AE5665C6F3 ] Update C:\WINDOWS\system32\DRIVERS\update.sys 18:29:05.0312 
0x0b28 Update - ok 18:29:05.0406 0x0b28 [ 1DFD8975D8C89214B98D9387C1125B49, 0B6B268487C8E45E9B86BF4A0A9DB669E0E45D600DE3C82B63F9986CA9E01082 ] upnphost C:\WINDOWS\System32\upnphost.dll 18:29:05.0609 0x0b28 upnphost - ok 18:29:05.0671 0x0b28 [ 9B11E6118958E63E1FEF129466E2BDA7, 97168BCE3F4A9BB9E6500F05E34851FB957B219C598944FADC28AC0011C0503B ] UPS C:\WINDOWS\System32\ups.exe 18:29:05.0875 0x0b28 UPS - ok 18:29:05.0953 0x0b28 [ 65898A183FBF1D1F7759D5CCB364DCD4, 85E823123FDB4CA5F8255064E22A444627999055EC3419DFD001371893F36AB9 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys 18:29:05.0984 0x0b28 usbaudio - ok 18:29:06.0031 0x0b28 [ 1B611611C28D2DF25BC057D79C6F13FC, B0D86F63E44B40413BBAE6402CC088046CFAE082D41BBC2ED5A916293356B846 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys 18:29:06.0062 0x0b28 usbccgp - ok 18:29:06.0093 0x0b28 [ 4BAC8DF07F1D8434FC640E677A62204E, 76C1351AF6752224BF59DEEE0F8665FE699F3DFD679F5BCD01C7D9383E6402A4 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys 18:29:06.0109 0x0b28 usbehci - ok 18:29:06.0140 0x0b28 [ 1AB3CDDE553B6E064D2E754EFE20285C, A99C4528C4227B1E96847614745AAFACD3C5F1BDFE435214DBF78740FFB300FE ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys 18:29:06.0359 0x0b28 usbhub - ok 18:29:06.0390 0x0b28 [ A32426D9B14A089EAA1D922E0C5801A9, ED1DC52EE45F8EAD3AEC4B1F817BB25634141CF48295494C5947DCE6CF7A9817 ] usbstor C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 18:29:06.0578 0x0b28 usbstor - ok 18:29:06.0640 0x0b28 [ 26496F9DEE2D787FC3E61AD54821FFE6, 8BE7FF647470B9A951CBB478FAF83D657A15CC78037F42348A6B738F21D523DA ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys 18:29:06.0828 0x0b28 usbuhci - ok 18:29:06.0890 0x0b28 [ 813236B1183CFCF289E367BD5DE6E29E, 167FE18A96F330AEEC1A4C419770C15EFEB536D43838285E51E7A62E95DF4674 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys 18:29:06.0921 0x0b28 usbvideo - ok 18:29:06.0953 0x0b28 [ 0D3A8FAFCEACD8B7625CD549757A7DF1, B9CFDEFCD66AA139F3DC2F967B184669532922563AD5A71769BABDC4370D065E ] VgaSave 
C:\WINDOWS\System32\drivers\vga.sys 18:29:07.0156 0x0b28 VgaSave - ok 18:29:07.0156 0x0b28 ViaIde - ok 18:29:07.0234 0x0b28 [ A5A712F4E880874A477AF790B5186E1D, FE885ED04C3EAFC379787F836738A2769E43D07CF52DD917D90C38E001957A5E ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys 18:29:07.0437 0x0b28 VolSnap - ok 18:29:07.0500 0x0b28 [ 68F106273BE29E7B7EF8266977268E78, 1488AB7A654EBC94C73E1D494067189ACB95BC233980110CAC4C0297CDC4115A ] VSS C:\WINDOWS\System32\vssvc.exe 18:29:07.0718 0x0b28 VSS - ok 18:29:07.0781 0x0b28 [ 7B353059E665F8B7AD2BBEAEF597CF45, 84A4311F18A4B8DCB364741DEA7D18E2363F19564B2EF25214965DC729527068 ] W32Time C:\WINDOWS\system32\w32time.dll 18:29:08.0000 0x0b28 W32Time - ok 18:29:08.0046 0x0b28 [ E20B95BAEDB550F32DD489265C1DA1F6, 5589B2067E6C9FBA290D8C5EADDC198EBAF39C50C3CD7D2BC5CDA7CBFBC445E5 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys 18:29:08.0265 0x0b28 Wanarp - ok 18:29:08.0359 0x0b28 [ BBCFEAB7E871CDDAC2D397EE7FA91FDC, 06FC132E0E256B9A4E4DDD05D3AF4D75E40C750ECCF94A76251B104C65CFFCDF ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys 18:29:08.0421 0x0b28 Wdf01000 - ok 18:29:08.0421 0x0b28 WDICA - ok 18:29:08.0453 0x0b28 [ 6768ACF64B18196494413695F0C3A00F, 3A8F8586F1D997D19A8478345338D2AECD785AEABDB61531DD3F92003D3230A5 ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys 18:29:08.0671 0x0b28 wdmaud - ok 18:29:08.0750 0x0b28 [ 81727C9873E3905A2FFC1EBD07265002, 6AC2383A1DCBB7FA3DB90FBB874C8E1819F5B7492717FF41E303EFC7BF72F93E ] WebClient C:\WINDOWS\System32\webclnt.dll 18:29:08.0953 0x0b28 WebClient - ok 18:29:09.0078 0x0b28 [ 6F3F3973D97714CC5F906A19FE883729, 7817118BE94D0F6FAE0F9CE48AD70FFE0AEF886CCE09C666768FAB61047F992F ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll 18:29:09.0296 0x0b28 winmgmt - ok 18:29:09.0406 0x0b28 [ 5FDCCC838CD95F61097D8A637F842AA8, 9EB9E7BEFFF061E1BABABB13C6C9194E835E53F2D550F5C666F5A4B2FAC2B6D5 ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll 18:29:09.0406 0x0b28 WmdmPmSN - detected UnsignedFile.Multi.Generic ( 1 ) 18:29:11.0828 
0x0b28 Detect skipped due to KSN trusted 18:29:11.0828 0x0b28 WmdmPmSN - ok 18:29:11.0968 0x0b28 [ FFA4D901D46D07A5BAB2D8307FBB51A6, 53C6D04D111EDF774C7F7EEB8D032B372E6244774D56B1B34CF1236027EC9450 ] Wmi C:\WINDOWS\System32\advapi32.dll 18:29:12.0109 0x0b28 Wmi - ok 18:29:12.0140 0x0b28 [ C42584FD66CE9E17403AEBCA199F7BDB, E3F2E1066F36AE5D33D4482239B2E556BE0C137923C9A120DFB36EC82F2E77B0 ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 18:29:12.0343 0x0b28 WmiAcpi - ok 18:29:12.0406 0x0b28 [ 93908111BA57A6E60EC2FA2DE202105C, F395F25F18D15C6B9FEDB45FD31E10295FFE5517E2BC86ACAC11904EA0664BE2 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe 18:29:12.0625 0x0b28 WmiApSrv - ok 18:29:12.0765 0x0b28 [ 15673BD0B86150CB8E27766059C72A9B, 56C23289A8BFF4945EE532CF6D62D3EC81B827CA15A359F30A327789F9FE9CAF ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 18:29:12.0859 0x0b28 WPFFontCache_v0400 - ok 18:29:12.0906 0x0b28 [ 300B3E84FAF1A5C1F791C159BA28035D, 0194856BDF94C1F274AF70AD558290ACDACDDEA331BD66FEB8E167ABD1E36786 ] wscsvc C:\WINDOWS\system32\wscsvc.dll 18:29:13.0125 0x0b28 wscsvc - ok 18:29:13.0187 0x0b28 [ C98B39829C2BBD34E454150633C62C78, 71B60EA3AD0E2637917D528C6A9E7ECF2949E3E5E91036AA5BBADA95BD725511 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 18:29:13.0390 0x0b28 WSTCODEC - ok 18:29:13.0421 0x0b28 [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085, A1DB8909FA73337DB613D01824945485186654364A4DF129B8CB913CF87D1D2E ] wuauserv C:\WINDOWS\system32\wuauserv.dll 18:29:13.0625 0x0b28 wuauserv - ok 18:29:13.0734 0x0b28 [ C4F109C005F6725162D2D12CA751E4A7, AC996B44338328BDD4442FE48406F286A64526F0EC77BE00A19FA7FDB0407CFE ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll 18:29:13.0984 0x0b28 WZCSVC - ok 18:29:14.0046 0x0b28 [ 0ADA34871A2E1CD2CAAFED1237A47750, 45BEF8649078BD74C1A347B5F2D3A1958E5A7DCD6C6BA8A2E0CAD277A929C64E ] xmlprov C:\WINDOWS\System32\xmlprov.dll 18:29:14.0296 0x0b28 xmlprov - ok 18:29:14.0359 0x0b28 [ 09E5340BD9B2CB730BF4DC6BE7721291, 
18:29:14.0406 0x0b28 ================ Scan global ===============================
18:29:14.0828 0x0b28 [ Global ] - ok
18:29:14.0828 0x0b28 ================ Scan MBR ==================================
18:29:14.0843 0x0b28 [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0
18:29:15.0062 0x0b28 \Device\Harddisk0\DR0 - detected TDSS File System ( 1 )
18:29:15.0062 0x0b28 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
18:29:17.0453 0x0b28 ================ Scan VBR ==================================
18:29:17.0468 0x0b28 [ 61832E024DE1742A9A6FEAB7F4168BC8 ] \Device\Harddisk0\DR0\Partition1
18:29:17.0468 0x0b28 \Device\Harddisk0\DR0\Partition1 - ok
18:29:17.0468 0x0b28 ================ Scan generic autorun ======================
18:29:22.0890 0x0b28 Waiting for KSN requests completion. In queue: 11
18:29:23.0890 0x0b28 Waiting for KSN requests completion. In queue: 11
18:29:24.0890 0x0b28 Waiting for KSN requests completion. In queue: 11
18:29:25.0984 0x0b28 AV detected via SS1: Avira Antivirus, 15.0.11.572, enabled, updated
18:29:26.0000 0x0b28 Win FW state via NFM: enabled
18:29:28.0390 0x0b28 ============================================================
18:29:28.0390 0x0b28 Scan finished
18:29:28.0390 0x0b28 ============================================================
18:29:28.0437 0x0fa0 Detected object count: 1
18:29:28.0437 0x0fa0 Actual detected object count: 1
18:37:45.0687 0x0fa0 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
18:37:45.0687 0x0fa0 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
18:38:19.0734 0x01bc Deinitialize success
Edited by Anti-Trojana (17.06.2015 at 23:23) |
17.06.2015, 23:25 | #6 |
| Sudden shutdown/Other users still logged on/USB has more performance LOGFILE 2 Code:
20:00:56.0406 0x0854 TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
20:00:59.0484 0x0854 ============================================================
20:00:59.0484 0x0854 Current date / time: 2015/06/16 20:00:59.0484
20:00:59.0484 0x0854 SystemInfo:
20:00:59.0484 0x0854
20:00:59.0484 0x0854 OS Version: 5.1.2600 ServicePack: 3.0
20:00:59.0484 0x0854 Product type: Workstation
20:00:59.0484 0x0854 ComputerName: ASPIRE
20:00:59.0484 0x0854 UserName: Administrator
20:00:59.0484 0x0854 Windows directory: C:\WINDOWS
20:00:59.0484 0x0854 System windows directory: C:\WINDOWS
20:00:59.0484 0x0854 Processor architecture: Intel x86
20:00:59.0484 0x0854 Number of processors: 2
20:00:59.0484 0x0854 Page size: 0x1000
20:00:59.0484 0x0854 Boot type: Normal boot
20:00:59.0484 0x0854 ============================================================
20:01:02.0609 0x0854 KLMD registered as C:\WINDOWS\system32\drivers\47635482.sys
20:01:02.0812 0x0854 System UUID: {27CBF010-E887-F38E-70A1-AB45267BF284}
20:01:03.0906 0x0854 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 ( 111.79 Gb ), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
20:01:03.0937 0x0854 ============================================================
20:01:03.0937 0x0854 \Device\Harddisk0\DR0:
20:01:03.0937 0x0854 MBR partitions:
20:01:03.0937 0x0854 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x639D9A7
20:01:03.0937 0x0854 ============================================================
20:01:03.0953 0x0854 C: <-> \Device\Harddisk0\DR0\Partition1
20:01:03.0953 0x0854 ============================================================
20:01:03.0953 0x0854 Initialize success
20:01:03.0953 0x0854 ============================================================
20:01:10.0156 0x0fa4 ============================================================
20:01:10.0156 0x0fa4 Scan started
20:01:10.0156 0x0fa4 Mode: Manual; SigCheck; TDLFS;
20:01:10.0156 0x0fa4 ============================================================
20:01:10.0156 0x0fa4 KSN ping started
20:01:10.0328 0x0fa4 KSN ping finished: false
20:01:10.0937 0x0fa4 ================ Scan system memory ========================
20:01:10.0937 0x0fa4 System memory - ok
20:01:10.0937 0x0fa4 ================ Scan services =============================
20:01:23.0562 0x0fa4 CryptSvc - ok 20:01:23.0562 0x0fa4 dac2w2k - ok 20:01:23.0578 0x0fa4 dac960nt - ok 20:01:23.0687 0x0fa4 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B, ECFBACE3CBF2384948EA1C445BDA3955EB4F44A9874286E6537C67DC1283E5B0 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll 20:01:23.0781 0x0fa4 DcomLaunch - ok 20:01:23.0828 0x0fa4 [ C29A1C9B75BA38FA37F8C44405DEC360, 7476D8BC4380CDE56764B2034AF3741DA4ED00F315E41C9A02B5EAD04374F241 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll 20:01:24.0046 0x0fa4 Dhcp - ok 20:01:24.0265 0x0fa4 [ 589C7025A04F697B3D140ACCEC5F8592, 8470CB7BD2892E9452A8BD713F85D573AC6B4BFAE25D28A578D329311196EA34 ] Disc Soft Lite Bus Service C:\Programme\DAEMON Tools Lite\DiscSoftBusService.exe 20:01:24.0437 0x0fa4 Disc Soft Lite Bus Service - ok 20:01:24.0484 0x0fa4 [ 044452051F3E02E7963599FC8F4F3E25, 584BDDB074618BE76454CF90E74829CFF588B5B5FAEB793E2F7AAD26352DD689 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys 20:01:24.0796 0x0fa4 Disk - ok 20:01:24.0812 0x0fa4 dmadmin - ok 20:01:24.0906 0x0fa4 [ 0DCFC8395A99FECBB1EF771CEC7FE4EA, 89B0AEE5BE01B9FE4FF2989FF16DB6121721ACDFCE6D9655C0ACD321D8C308BE ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys 20:01:25.0234 0x0fa4 dmboot - ok 20:01:25.0296 0x0fa4 [ 53720AB12B48719D00E327DA470A619A, 800264866A6267C9000A85D00095D57908D059D737E5F28C9C4049B884C46228 ] dmio C:\WINDOWS\system32\drivers\dmio.sys 20:01:25.0515 0x0fa4 dmio - ok 20:01:25.0593 0x0fa4 [ E9317282A63CA4D188C0DF5E09C6AC5F, D41E002F555FE9015EF620975255F58BB79198CA1FF0E09EC950CB450FF77CF7 ] dmload C:\WINDOWS\system32\drivers\dmload.sys 20:01:25.0859 0x0fa4 dmload - ok 20:01:25.0906 0x0fa4 [ 25C83FFBBA13B554EB6D59A9B2E2EE78, 9FBD655ED3E9163AE11EC207F283E387EFBA5A23108EC790BAE4846B35E66F16 ] dmserver C:\WINDOWS\System32\dmserver.dll 20:01:26.0187 0x0fa4 dmserver - ok 20:01:26.0312 0x0fa4 [ 8A208DFCF89792A484E76C40E5F50B45, 4E40E2EB38C6254E7CAA488200E89EE7DEBBBA773890BC6A84313CC68178D54F ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys 20:01:26.0703 0x0fa4 DMusic - ok 
20:01:26.0750 0x0fa4 [ 407F3227AC618FD1CA54B335B083DE07, 96B8E734648FE9A4EBA59C096C8779BD1A11A93A6303AFD438A406C8122D36C6 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll 20:01:26.0796 0x0fa4 Dnscache - ok 20:01:26.0843 0x0fa4 [ 676E36C4FF5BCEA1900F44182B9723E6, 740CF18BD40E00FEA26CF0E6340C5D18F7D0B4390055FAEEC258B3AA790C4AE9 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll 20:01:27.0265 0x0fa4 Dot3svc - ok 20:01:27.0265 0x0fa4 dpti2o - ok 20:01:27.0296 0x0fa4 [ 8F5FCFF8E8848AFAC920905FBD9D33C8, C8C6FB97AB0871C8C88A2201525A5CF10D5131CB6980D32692ED7A8F58399AD5 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys 20:01:27.0578 0x0fa4 drmkaud - ok 20:01:27.0625 0x0fa4 [ 0026A0408C87AB8DCA6FF9A8977C7066, EF64AE4717E68A090D5D86A39C32994A521B7488622569E6B42ED31E83C1AA8C ] dtlitescsibus C:\WINDOWS\system32\DRIVERS\dtlitescsibus.sys 20:01:27.0656 0x0fa4 dtlitescsibus - ok 20:01:27.0703 0x0fa4 [ 4E4F2FDDAB0A0736D7671134DCCE91FB, 8E2C57D1A006856C47CBDD5765A9DD317DB205B26DA8BFC70555A506257A1CD9 ] EapHost C:\WINDOWS\System32\eapsvc.dll 20:01:28.0015 0x0fa4 EapHost - ok 20:01:28.0062 0x0fa4 [ 877C18558D70587AA7823A1A308AC96B, 6B336A62112988D855513F45153F73F8470C41A448E9B7438B4A8EC1813AABF1 ] ERSvc C:\WINDOWS\System32\ersvc.dll 20:01:28.0328 0x0fa4 ERSvc - ok 20:01:28.0390 0x0fa4 [ A3EDBE9053889FB24AB22492472B39DC, 6F2ED6E04BDE2FCA2A8BF9BD2D1D6923DE6EAECB46F582B6C0BD1CF364D65C9E ] Eventlog C:\WINDOWS\system32\services.exe 20:01:28.0421 0x0fa4 Eventlog - ok 20:01:28.0484 0x0fa4 [ AF4F6B5739D18CA7972AB53E091CBC74, A399E2CC026730D3A429727AAB48093B9F1E5DD8EB6336519C7F16182FDB3905 ] EventSystem C:\WINDOWS\system32\es.dll 20:01:28.0546 0x0fa4 EventSystem - ok 20:01:28.0593 0x0fa4 [ 38D332A6D56AF32635675F132548343E, E6909DB836AF679B4F4D62C7396D6C82769CC7ABB8C919C2AABFE934FCE268F6 ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys 20:01:28.0796 0x0fa4 Fastfat - ok 20:01:28.0875 0x0fa4 [ 2DB7D303C36DDD055215052F118E8E75, BE6E7BBE12A7A4EDF1F1C2935350603970C7426BBCA7A1A6644BB8999123AF17 ] 
FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll 20:01:28.0953 0x0fa4 FastUserSwitchingCompatibility - ok 20:01:28.0968 0x0fa4 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81, 8307A532AB4D05CBBCE206DC2759497708BF5AAA880BD00F0E4F281D8578A1F5 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys 20:01:29.0171 0x0fa4 Fdc - ok 20:01:29.0187 0x0fa4 [ B0678A548587C5F1967B0D70BACAD6C1, 7E49910212ED87313F926E4800EA8D34809C287A686CA69B82B79C1A6451F88C ] Fips C:\WINDOWS\system32\drivers\Fips.sys 20:01:29.0421 0x0fa4 Fips - ok 20:01:29.0500 0x0fa4 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0, 69C271AD5BCEBFD8AE5A769BDD7EC51256DA3A8ADAD5D12E5C0D13F4E82D8805 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys 20:01:29.0687 0x0fa4 Flpydisk - ok 20:01:29.0765 0x0fa4 [ B2CF4B0786F8212CB92ED2B50C6DB6B0, 280F5CF8A90F7BEDE73ADD0DD0F8952088133A7CA9A3D3B7041957E33B36845D ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys 20:01:30.0046 0x0fa4 FltMgr - ok 20:01:30.0062 0x0fa4 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A, EC635E071201A766845D48973772CBE0958942B4162F3F5F70660D114CC877E0 ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys 20:01:30.0328 0x0fa4 Fs_Rec - ok 20:01:30.0421 0x0fa4 [ 8F1955CE42E1484714B542F341647778, 8EB3F99625F409D3032561E8AB44BEFBFBFBA4EC873C2151C92A5CAAF7F2AA55 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys 20:01:30.0750 0x0fa4 Ftdisk - ok 20:01:30.0812 0x0fa4 [ 0A02C63C8B144BD8C86B103DEE7C86A2, 7A3235DD3E1995DD72B212FAEB3ECA2A974434DE9BF6D269EA11BA65A80E7E50 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys 20:01:31.0156 0x0fa4 Gpc - ok 20:01:31.0203 0x0fa4 [ 573C7D0A32852B48F3058CFD8026F511, BC384BBA394AFDCDA1A9ABC858C692AA84A1F0A31AF3DDF7F38D120C027927FB ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 20:01:31.0484 0x0fa4 HDAudBus - ok 20:01:31.0593 0x0fa4 [ CB66BF85BF599BEFD6C6A57C2E20357F, 55D3A0F9279FF316766F42548FCB61C452942B08A37590C4892DF110BE4E53C6 ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 20:01:31.0843 0x0fa4 helpsvc - ok 20:01:31.0890 0x0fa4 [ 
B35DA85E60C0103F2E4104532DA2F12B, E13C9F73DF7713554CB614B36123D75014F5121AA1FC9069733E61758751CBE4 ] HidServ C:\WINDOWS\System32\hidserv.dll 20:01:32.0109 0x0fa4 HidServ - ok 20:01:32.0156 0x0fa4 [ CCF82C5EC8A7326C3066DE870C06DAF1, 93395FA4C26B2E82DC8B7025ED3BCF583885E5D8C5F60CD6EEAA6335D6A126EC ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys 20:01:32.0359 0x0fa4 HidUsb - ok 20:01:32.0437 0x0fa4 [ ED29F14101523A6E0E808107405D452C, B8FA987637787BEECC2EB06D36293DAC355523392B49A8C5A9491EEE961917E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll 20:01:32.0718 0x0fa4 hkmsvc - ok 20:01:32.0718 0x0fa4 hpn - ok 20:01:32.0781 0x0fa4 [ F80A415EF82CD06FFAF0D971528EAD38, 524D9E9201572929522F6805011783711B7C0F76308B924C89CF75F4B7A1FDF3 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys 20:01:32.0828 0x0fa4 HTTP - ok 20:01:32.0859 0x0fa4 [ 9E4ADB854CEBCFB81A4B36718FEECD16, 677AB64460775686F8366D6BF35D420A2486C3F07338A00A7C2788A5142B9F08 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll 20:01:33.0156 0x0fa4 HTTPFilter - ok 20:01:33.0156 0x0fa4 i2omgmt - ok 20:01:33.0171 0x0fa4 i2omp - ok 20:01:33.0234 0x0fa4 [ E283B97CFBEB86C1D86BAED5F7846A92, 7664F791D08C80DF1E52B34BE69F073AA645610C4BD975F498254807602374AB ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys 20:01:33.0437 0x0fa4 i8042prt - ok 20:01:33.0937 0x0fa4 [ 48846B31BE5A4FA662CCFDE7A1BA86B9, BC653F3ADAD70E766484986F196D4045D2CC6D92E5D827907E734254EE489A33 ] ialm C:\WINDOWS\system32\DRIVERS\igxpmp32.sys 20:01:34.0812 0x0fa4 ialm - ok 20:01:34.0890 0x0fa4 [ 083A052659F5310DD8B6A6CB05EDCF8E, 48D39B03FFB6FAA1529B774443BA12618AE3982D9F65A7B9D18F2269F78B31F4 ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys 20:01:35.0125 0x0fa4 Imapi - ok 20:01:35.0171 0x0fa4 [ D4B413AA210C21E46AEDD2BA5B68D38E, 2309622867AA8FC832A729FA78F48742D4BD6CA0DAFBFB9DDB0772D671E1ED75 ] ImapiService C:\WINDOWS\system32\imapi.exe 20:01:35.0406 0x0fa4 ImapiService - ok 20:01:35.0421 0x0fa4 ini910u - ok 20:01:35.0921 0x0fa4 [ 2E9CDF1766FA55E88443E1EF48923BC8, 
34194B34A0D5974B3207E774265A533F3D9181CBBDD382ABD0E3AB85BBCB76A7 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys 20:01:36.0703 0x0fa4 IntcAzAudAddService - ok 20:01:36.0734 0x0fa4 IntelIde - ok 20:01:36.0812 0x0fa4 [ 4C7D2750158ED6E7AD642D97BFFAE351, C05E4799752F090DCB632F07F62ADE38D31534621064D269AD535CA0BDFED448 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys 20:01:37.0125 0x0fa4 intelppm - ok 20:01:37.0156 0x0fa4 [ 3BB22519A194418D5FEC05D800A19AD0, F6662F440950596DC1382DD1DB5D7891CCEA30A6062BEA942C18445B5F0D8B16 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys 20:01:37.0437 0x0fa4 Ip6Fw - ok 20:01:37.0500 0x0fa4 [ 731F22BA402EE4B62748ADAF6363C182, 5C3BEBD008A5BE4DC2F92076FF41A10DDC01E10EC7E6552213CFA11970811848 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 20:01:37.0750 0x0fa4 IpFilterDriver - ok 20:01:37.0781 0x0fa4 [ B87AB476DCF76E72010632B5550955F5, E6E74D3A86A7917A8BAED44F8E97CCD2EB171E4E4B27E9907F60D1523FAF319A ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys 20:01:38.0000 0x0fa4 IpInIp - ok 20:01:38.0062 0x0fa4 [ CC748EA12C6EFFDE940EE98098BF96BB, AF523E21C25D9A1715EFEA573E4F52AF5D4FC9F28A2D613F5DB629C186C439E0 ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys 20:01:38.0312 0x0fa4 IpNat - ok 20:01:38.0375 0x0fa4 [ 23C74D75E36E7158768DD63D92789A91, 394D296F38E7D8EFD91A6EEC301D9CE6AF910E35EB9819F1A9E3363863AEDFDC ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys 20:01:38.0625 0x0fa4 IPSec - ok 20:01:38.0656 0x0fa4 [ C93C9FF7B04D772627A3646D89F7BF89, 805FA48E7A46D4F10240BF880A2468F53DEA36E83004399228AB70DB7D20544A ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys 20:01:38.0859 0x0fa4 IRENUM - ok 20:01:38.0921 0x0fa4 [ 6DFB88F64135C525433E87648BDA30DE, 8233EEFBEF36AAA152F2C55D23D7118F0DE40C9C22EB5D9793405A4770889540 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys 20:01:39.0140 0x0fa4 isapnp - ok 20:01:39.0171 0x0fa4 [ 1704D8C4C8807B889E43C649B478A452, E854C90CD301F42BE2520CEDAD35E49DF2D43606CF4EEED861B74882118D04D1 ] Kbdclass 
C:\WINDOWS\system32\DRIVERS\kbdclass.sys 20:01:39.0375 0x0fa4 Kbdclass - ok 20:01:39.0437 0x0fa4 [ 692BCF44383D056AED41B045A323D378, 1A99DEE83FFAF64E73067FC049C0A4CE07D94E4AE31EFA17B38CEFA9E41D67DC ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys 20:01:39.0656 0x0fa4 kmixer - ok 20:01:39.0734 0x0fa4 [ B467646C54CC746128904E1654C750C1, 3BD71BE3663EA23463D236D8A2A2E42DFA10C502BDB4B6E131FAF0FBA748219E ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys 20:01:39.0828 0x0fa4 KSecDD - ok 20:01:39.0859 0x0fa4 [ 2BBDCB79900990F0716DFCB714E72DE7, 6283789201164A9254632D9A3C8A54FE697717D5F8D5A37804D924DC2B70C8E3 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll 20:01:39.0937 0x0fa4 lanmanserver - ok 20:01:40.0000 0x0fa4 [ 1869B14B06B44B44AF70548E1EA3303F, 4D63B4DAF580C86F86837C7D1753E2105B4C52E26D4CA0CAAFE83755EFF7AFBE ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll 20:01:40.0046 0x0fa4 lanmanworkstation - ok 20:01:40.0062 0x0fa4 lbrtfdc - ok 20:01:40.0125 0x0fa4 [ 636714B7D43C8D0C80449123FD266920, F06F6C7DC49B26EFCAC3570C67BA9BD934F62C6F382DA4DD2AB302C7B970F414 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll 20:01:40.0390 0x0fa4 LmHosts - ok 20:01:40.0406 0x0fa4 [ B7550A7107281D170CE85524B1488C98, A3854B16A65436BEF6BEDE918B43B3BE8F00D303660DB5831DD376271DC43239 ] Messenger C:\WINDOWS\System32\msgsvc.dll 20:01:40.0609 0x0fa4 Messenger - ok 20:01:40.0687 0x0fa4 [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys 20:01:40.0906 0x0fa4 mnmdd - ok 20:01:40.0968 0x0fa4 [ C2F1D365FD96791B037EE504868065D3, 87BD87E08FD00D115524B049F1A3A719AB86557D68968E7090CD0F271F985CAF ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe 20:01:41.0187 0x0fa4 mnmsrvc - ok 20:01:41.0250 0x0fa4 [ 6FB74EBD4EC57A6F1781DE3852CC3362, 0454509D9A31E0202C08AE17294E2682F227D177A3C73B303E4C8332757AFCA1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys 20:01:41.0531 0x0fa4 Modem - ok 20:01:41.0687 0x0fa4 [ C7D9F9717916B34C1B00DD4834AF485C, 
A9512A03E8142C83534189963F90ADA6FA425BD606928C40C3D724177105A658 ] Monfilt C:\WINDOWS\system32\drivers\Monfilt.sys 20:01:41.0843 0x0fa4 Monfilt - ok 20:01:41.0875 0x0fa4 [ B24CE8005DEAB254C0251E15CB71D802, 6804A8ABDAD5EC846E7F8077D1EE9BA45D6226ACFF42C70BE3DE7C8980EF9EC4 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys 20:01:42.0093 0x0fa4 Mouclass - ok 20:01:42.0140 0x0fa4 [ 66A6F73C74E1791464160A7065CE711A, 3C570FA1E8EF976B83759220FE95BAC9D7D48D607F91B113EDE4790D34ACBD46 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys 20:01:42.0359 0x0fa4 mouhid - ok 20:01:42.0421 0x0fa4 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD, 2A5E15ED2C24C6C65EF2F7E1FD93374774076C9D8D451E4422561F4D269C012F ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys 20:01:42.0671 0x0fa4 MountMgr - ok 20:01:42.0671 0x0fa4 mraid35x - ok 20:01:42.0703 0x0fa4 [ 11D42BB6206F33FBB3BA0288D3EF81BD, 76ABCFB62C5AC549F58C231F72A99882CDEB74928104B77FE52554765C2B1A22 ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys 20:01:42.0921 0x0fa4 MRxDAV - ok 20:01:43.0000 0x0fa4 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0, DB9B186F7076D7B94F45041AF7B77C1AD2CAB504D683B459C6CB1C22840ED170 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 20:01:43.0125 0x0fa4 MRxSmb - ok 20:01:43.0156 0x0fa4 [ 35A031AF38C55F92D28AA03EE9F12CC9, 97245D204C886EE8DCCC2DEAC80A0E358A7E0C1982F77389DA50DCF091FC9DDC ] MSDTC C:\WINDOWS\system32\msdtc.exe 20:01:43.0359 0x0fa4 MSDTC - ok 20:01:43.0421 0x0fa4 [ C941EA2454BA8350021D774DAF0F1027, C940E978C7B66A713A0FDAB54B5F995DF59D089AFCD96221DD3222948CD49BBD ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys 20:01:43.0656 0x0fa4 Msfs - ok 20:01:43.0656 0x0fa4 MSIServer - ok 20:01:43.0687 0x0fa4 [ D1575E71568F4D9E14CA56B7B0453BF1, 4ABE0E24786C0D39FA2B885447E56204CA6942FB175E534DCE675D7BCF0B176A ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys 20:01:43.0906 0x0fa4 MSKSSRV - ok 20:01:43.0968 0x0fa4 [ 325BB26842FC7CCC1FCCE2C457317F3E, C07BE560513B1FB91D756494F0BA4AEEB2E1998DE0E1C21EE83DB1183B0CEE91 ] MSPCLOCK 
C:\WINDOWS\system32\drivers\MSPCLOCK.sys 20:01:44.0156 0x0fa4 MSPCLOCK - ok 20:01:44.0187 0x0fa4 [ BAD59648BA099DA4A17680B39730CB3D, 9AD4C7C94C186C8815D0BC75DCAFB962158DA6935A244BA243EDDDEB33F9816C ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys 20:01:44.0406 0x0fa4 MSPQM - ok 20:01:44.0484 0x0fa4 [ AF5F4F3F14A8EA2C26DE30F7A1E17136, AC93A1E4ABB0D038B772E429015567E44CC2EDB66C54DBE23A5F98176FAC1520 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys 20:01:44.0718 0x0fa4 mssmbios - ok 20:01:44.0750 0x0fa4 [ E53736A9E30C45FA9E7B5EAC55056D1D, 38602F280BF69EBA3706AD175AFC1AEB561A8302B4B61E3FECB3C27D7A9BDB41 ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys 20:01:44.0968 0x0fa4 MSTEE - ok 20:01:45.0046 0x0fa4 [ DE6A75F5C270E756C5508D94B6CF68F5, FCC972DDC36C2C44D836913F10004C2C33B11C54DEFFF0C63E0FDF901D2F9261 ] Mup C:\WINDOWS\system32\drivers\Mup.sys 20:01:45.0109 0x0fa4 Mup - ok 20:01:45.0140 0x0fa4 [ 5B50F1B2A2ED47D560577B221DA734DB, C16A554B6E1A7F5F98C94DFA88163E0F7426506BF2F51FD351B1A05FC0DB3BC5 ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 20:01:45.0406 0x0fa4 NABTSFEC - ok 20:01:45.0484 0x0fa4 [ 46BB15AE2AC7D025D6D2567B876817BD, 102A101B96D1078C98FA0F871C801A9A8538E20E5686AB0C7680B2F6C92B3165 ] napagent C:\WINDOWS\System32\qagentrt.dll 20:01:45.0828 0x0fa4 napagent - ok 20:01:45.0859 0x0fa4 [ 1DF7F42665C94B825322FAE71721130D, FE0DCB728471465B39A42A7511F4133021FBA5DF88F88BCB5FE2FF34CFD713F9 ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys 20:01:46.0140 0x0fa4 NDIS - ok 20:01:46.0187 0x0fa4 [ 7FF1F1FD8609C149AA432F95A8163D97, 18CD1FF5AC1EF8A38D1EC53014F2BADD28D9CDF4ECE2EBC2313D08903776F323 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys 20:01:46.0468 0x0fa4 NdisIP - ok 20:01:46.0515 0x0fa4 [ 0109C4F3850DFBAB279542515386AE22, 4F6DB1E499AC853FD36FD603FBB6D3AC9BDCEB298C7FE1FB59A9236CB46729B2 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys 20:01:46.0578 0x0fa4 NdisTapi - ok 20:01:46.0609 0x0fa4 [ F927A4434C5028758A842943EF1A3849, 
B1AA3AF150C05307461774925901789456B0CCCD03A5E71ADA4AB58455962BEE ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys 20:01:46.0812 0x0fa4 Ndisuio - ok 20:01:46.0859 0x0fa4 [ EDC1531A49C80614B2CFDA43CA8659AB, 494042F790F33721328B4451E79842E21919681CC421A4F9633EC4D383E06097 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys 20:01:47.0093 0x0fa4 NdisWan - ok 20:01:47.0140 0x0fa4 [ 2F597BB467E05B1FE3830EABD821B8E0, 141497F5A49D47CCE3C9289644F4BD838DCB238F6D8E847FC006652E21FE02AC ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys 20:01:47.0234 0x0fa4 NDProxy - ok 20:01:47.0281 0x0fa4 [ 5D81CF9A2F1A3A756B66CF684911CDF0, 7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys 20:01:47.0531 0x0fa4 NetBIOS - ok 20:01:47.0593 0x0fa4 [ 74B2B2F5BEA5E9A3DC021D685551BD3D, 7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys 20:01:47.0906 0x0fa4 NetBT - ok 20:01:47.0937 0x0fa4 [ 8ACE4251BFFD09CE75679FE940E996CC, 81969521B5EAEA09ECA63058BE9697BB69AF2596339CA9DF0CFEDC031DCFDC7E ] NetDDE C:\WINDOWS\system32\netdde.exe 20:01:48.0171 0x0fa4 NetDDE - ok 20:01:48.0234 0x0fa4 [ 8ACE4251BFFD09CE75679FE940E996CC, 81969521B5EAEA09ECA63058BE9697BB69AF2596339CA9DF0CFEDC031DCFDC7E ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe 20:01:48.0453 0x0fa4 NetDDEdsdm - ok 20:01:48.0515 0x0fa4 [ AFB8261B56CBA0D86AEB6DF682AF9785, 104D96F1F19DD4CE492064ACC9634406A019EAE20B42D03198E400E661897127 ] Netlogon C:\WINDOWS\system32\lsass.exe 20:01:48.0750 0x0fa4 Netlogon - ok 20:01:48.0828 0x0fa4 [ E6D88F1F6745BF00B57E7855A2AB696C, 12A5EDD853600FF5EBF91E127077745AE1E61E66DBC1D4D4306570F171AF4A39 ] Netman C:\WINDOWS\System32\netman.dll 20:01:49.0093 0x0fa4 Netman - ok 20:01:49.0140 0x0fa4 [ F1B67B6B0751AE0E6E964B02821206A3, 3D5A7593ABDEE2047C5738671C85DC8B95A4ECF58D5D7B04EEE13A689839A540 ] Nla C:\WINDOWS\System32\mswsock.dll 20:01:49.0187 0x0fa4 Nla - ok 20:01:49.0234 0x0fa4 [ 
3182D64AE053D6FB034F44B6DEF8034A, 4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys 20:01:49.0437 0x0fa4 Npfs - ok 20:01:49.0484 0x0fa4 [ 78A08DD6A8D65E697C18E1DB01C5CDCA, E0E6F3ED05068E32F1D5C2D2B38CDEF4536B8656DB6756C66CF6B40B60C8F3DA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys 20:01:49.0765 0x0fa4 Ntfs - ok 20:01:49.0812 0x0fa4 [ AFB8261B56CBA0D86AEB6DF682AF9785, 104D96F1F19DD4CE492064ACC9634406A019EAE20B42D03198E400E661897127 ] NtLmSsp C:\WINDOWS\system32\lsass.exe 20:01:50.0062 0x0fa4 NtLmSsp - ok 20:01:50.0125 0x0fa4 [ 56AF4064996FA5BAC9C449B1514B4770, 154602EFEC22728503D4ABA025DF711B0F2CFC983F5E3BF25F2A4BCD1AE250EC ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll 20:01:50.0375 0x0fa4 NtmsSvc - ok 20:01:50.0437 0x0fa4 [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null C:\WINDOWS\system32\drivers\Null.sys 20:01:50.0640 0x0fa4 Null - ok 20:01:50.0703 0x0fa4 [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 20:01:50.0906 0x0fa4 NwlnkFlt - ok 20:01:50.0921 0x0fa4 [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 20:01:51.0140 0x0fa4 NwlnkFwd - ok 20:01:51.0187 0x0fa4 [ F84785660305B9B903FB3BCA8BA29837, BDBDE61076800415D98759077E9E039C80B55DBE68E31F8BF44A909C6C3D3276 ] Parport C:\WINDOWS\system32\drivers\Parport.sys 20:01:51.0406 0x0fa4 Parport - ok 20:01:51.0468 0x0fa4 [ BEB3BA25197665D82EC7065B724171C6, 7E71C13BA30CD95CEE8A9CC85E6F48A01F30EDEAADEE69D80AE828BF97E5A5CA ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys 20:01:51.0671 0x0fa4 PartMgr - ok 20:01:51.0718 0x0fa4 [ C2BF987829099A3EAA2CA6A0A90ECB4F, 1DF21EA8E43875CFEECD869407429F82FB449707CFB845718499468E699BAAAA ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys 20:01:51.0921 0x0fa4 ParVdm - ok 
20:01:51.0984 0x0fa4 [ 387E8DEDC343AA2D1EFBC30580273ACD, 5F3E642BDB759777E570ED5B22AC7E93CDCD362708F281657AD7BAB44EDEC802 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys 20:01:52.0234 0x0fa4 PCI - ok 20:01:52.0250 0x0fa4 PCIDump - ok 20:01:52.0296 0x0fa4 [ 59BA86D9A61CBCF4DF8E598C331F5B82, 822D11C5CE77BFD7B2F25350CCBF92B0B9388EEA6D86ED220B768C720976D839 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys 20:01:52.0500 0x0fa4 PCIIde - ok 20:01:52.0578 0x0fa4 [ A2A966B77D61847D61A3051DF87C8C97, 6CED7CA26DC62B0AAFC83A2E07336DAD25954491201BB8E06103971F3F0B8B51 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys 20:01:52.0781 0x0fa4 Pcmcia - ok 20:01:52.0781 0x0fa4 PDCOMP - ok 20:01:52.0796 0x0fa4 PDFRAME - ok 20:01:52.0812 0x0fa4 PDRELI - ok 20:01:52.0812 0x0fa4 PDRFRAME - ok 20:01:52.0828 0x0fa4 perc2 - ok 20:01:52.0843 0x0fa4 perc2hib - ok 20:01:52.0906 0x0fa4 [ A3EDBE9053889FB24AB22492472B39DC, 6F2ED6E04BDE2FCA2A8BF9BD2D1D6923DE6EAECB46F582B6C0BD1CF364D65C9E ] PlugPlay C:\WINDOWS\system32\services.exe 20:01:52.0937 0x0fa4 PlugPlay - ok 20:01:53.0000 0x0fa4 [ 3A2BDD76E7D2A5F40A7174793D1BA794, 029EE2C2F71AEC7906600EEC4F855DC5648C1ECF53F11426079B04591F24D067 ] PnkBstrA C:\WINDOWS\system32\PnkBstrA.exe 20:01:53.0031 0x0fa4 PnkBstrA - ok 20:01:53.0062 0x0fa4 [ AFB8261B56CBA0D86AEB6DF682AF9785, 104D96F1F19DD4CE492064ACC9634406A019EAE20B42D03198E400E661897127 ] PolicyAgent C:\WINDOWS\system32\lsass.exe 20:01:53.0250 0x0fa4 PolicyAgent - ok 20:01:53.0343 0x0fa4 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99, C5F0C8C66A3AF7E7BB04CEDE4AC5306F8387AB384A2107DC5BE413AAE968EFF1 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys 20:01:53.0578 0x0fa4 PptpMiniport - ok 20:01:53.0625 0x0fa4 [ AFB8261B56CBA0D86AEB6DF682AF9785, 104D96F1F19DD4CE492064ACC9634406A019EAE20B42D03198E400E661897127 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe 20:01:53.0812 0x0fa4 ProtectedStorage - ok 20:01:53.0828 0x0fa4 [ 09298EC810B07E5D582CB3A3F9255424, 35473A1BE25AC289474090EB0806AC6B3035DC33D1F3DF97A14BF1E361AC6AC3 ] 
PSched C:\WINDOWS\system32\DRIVERS\psched.sys 20:01:54.0109 0x0fa4 PSched - ok 20:01:54.0125 0x0fa4 [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys 20:01:54.0359 0x0fa4 Ptilink - ok 20:01:54.0359 0x0fa4 ql1080 - ok 20:01:54.0375 0x0fa4 Ql10wnt - ok 20:01:54.0390 0x0fa4 ql12160 - ok 20:01:54.0390 0x0fa4 ql1240 - ok 20:01:54.0406 0x0fa4 ql1280 - ok 20:01:54.0468 0x0fa4 [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys 20:01:54.0671 0x0fa4 RasAcd - ok 20:01:54.0734 0x0fa4 [ F5BA6CACCDB66C8F048E867563203246, AFEAD8FC02313F7EBC8F9F39E7ED2868852B480BE3902FA7BD0AFD81492AB243 ] RasAuto C:\WINDOWS\System32\rasauto.dll 20:01:54.0968 0x0fa4 RasAuto - ok 20:01:55.0015 0x0fa4 [ 11B4A627BC9614B885C4969BFA5FF8A6, EAE0A412A2B0F68919C32A96B3A08CC1A06585E4998819F5C9051745F63FF5AD ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 20:01:55.0312 0x0fa4 Rasl2tp - ok 20:01:55.0359 0x0fa4 [ F9A7B66EA345726EDB5862A46B1ECCD5, 5D35429D394D36A1692A7E219BA1A85CD8096FEAE0F90BFE036A63118FEDBF57 ] RasMan C:\WINDOWS\System32\rasmans.dll 20:01:55.0593 0x0fa4 RasMan - ok 20:01:55.0640 0x0fa4 [ 5BC962F2654137C9909C3D4603587DEE, A5CE5653D0105240F5E86CFAAB89E7917D42D939E2F27A5A7D6979289CA651B8 ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys 20:01:55.0859 0x0fa4 RasPppoe - ok 20:01:55.0859 0x0fa4 [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys 20:01:56.0109 0x0fa4 Raspti - ok 20:01:56.0140 0x0fa4 [ 7AD224AD1A1437FE28D89CF22B17780A, 6645235CA27D671954E3557FA37082881C3D7D47492C71264CD8CB8D108EC801 ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys 20:01:56.0359 0x0fa4 Rdbss - ok 20:01:56.0406 0x0fa4 [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] RDPCDD 
C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 20:01:56.0609 0x0fa4 RDPCDD - ok 20:01:56.0703 0x0fa4 [ 15CABD0F7C00C47C70124907916AF3F1, 66B5C978B7FB6359AD8BAC9F568FE9D469E358FEAB07B1F129BA9E85F1DF723E ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys 20:01:56.0921 0x0fa4 rdpdr - ok 20:01:57.0015 0x0fa4 [ 43AF5212BD8FB5BA6EED9754358BD8F7, AF330F61CECA4AFA359CEABC5EB3227E6B56A9A2DCE50701381D665122D7356D ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys 20:01:57.0109 0x0fa4 RDPWD - ok 20:01:57.0171 0x0fa4 [ 263AF18AF0F3DB99F574C95F284CCEC9, 2BFA9952E97EFEB386FC56EC2C125080CD12DAC078DBE43C395CB4D9F22165D3 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe 20:01:57.0375 0x0fa4 RDSessMgr - ok 20:01:57.0437 0x0fa4 [ ED761D453856F795A7FE056E42C36365, EF026585B33415D8FCE94A9F27D7A4396C7C35C88E06A4CF0FEA702401E8597A ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys 20:01:57.0687 0x0fa4 redbook - ok 20:01:57.0750 0x0fa4 [ 0E97EC96D6942CEEC2D188CC2EB69A01, D4253B4420BEF19451A55AB91E4834482181A31A31134F6E2AFE05C8E20C81A5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll 20:01:57.0968 0x0fa4 RemoteAccess - ok 20:01:58.0031 0x0fa4 [ E4CD1F3D84E1C2CA0B8CF7501E201593, 649CC0B04F94D407EB6B4C7FDE2C6E4D2B1531307BC67C5775E44D66EF2E4F8A ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll 20:01:58.0281 0x0fa4 RemoteRegistry - ok 20:01:58.0312 0x0fa4 [ 851C30DF2807FCFA21E4C681A7D6440E, C2269B8ED4E831664B83F8F3BE33E5A340206A9E07F89CDF6707EAD8F280FBE9 ] RFCOMM C:\WINDOWS\system32\DRIVERS\rfcomm.sys 20:01:58.0500 0x0fa4 RFCOMM - ok 20:01:58.0593 0x0fa4 [ 2A02E21867497DF20B8FC95631395169, D89E2D17ED4E1C727847C0E92D2DF68AEB70BF0B956BD2FE024ED70A961759D2 ] RpcLocator C:\WINDOWS\system32\locator.exe 20:01:58.0796 0x0fa4 RpcLocator - ok 20:01:58.0890 0x0fa4 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B, ECFBACE3CBF2384948EA1C445BDA3955EB4F44A9874286E6537C67DC1283E5B0 ] RpcSs C:\WINDOWS\system32\rpcss.dll 20:01:58.0937 0x0fa4 RpcSs - ok 20:01:59.0000 0x0fa4 [ 4BDD71B4B521521499DFD14735C4F398, 
7B1498D3C67E56D05B58B7DA319ECB0117C37963AABB0E59B42831C087469DA1 ] RSVP C:\WINDOWS\system32\rsvp.exe 20:01:59.0296 0x0fa4 RSVP - ok 20:01:59.0312 0x0fa4 [ AFB8261B56CBA0D86AEB6DF682AF9785, 104D96F1F19DD4CE492064ACC9634406A019EAE20B42D03198E400E661897127 ] SamSs C:\WINDOWS\system32\lsass.exe 20:01:59.0515 0x0fa4 SamSs - ok 20:01:59.0578 0x0fa4 [ DCEC079FAD95D36C8DD5CB6D779DFE32, F8546552D939A225853A0CE4913701A93738DF02C999D16E141E9A828814BBC6 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe 20:01:59.0781 0x0fa4 SCardSvr - ok 20:01:59.0875 0x0fa4 [ A050194A44D7FA8D7186ED2F4E8367AE, BCDF56D5A2F9E202DC67E7FE4BCC617BCC0BDFF2D221A621020068B17B2855BB ] Schedule C:\WINDOWS\system32\schedsvc.dll 20:02:00.0078 0x0fa4 Schedule - ok 20:02:00.0140 0x0fa4 [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys 20:02:00.0390 0x0fa4 Secdrv - ok 20:02:00.0421 0x0fa4 [ BEE4CFD1D48C23B44CF4B974B0B79B2B, DF3B02D713F8A4602BE75F004074D5DF79AFF2D58FF37110B2A6AC29F680758B ] seclogon C:\WINDOWS\System32\seclogon.dll 20:02:00.0625 0x0fa4 seclogon - ok 20:02:00.0687 0x0fa4 [ 2AAC9B6ED9EDDFFB721D6452E34D67E3, 95D83F054A6610328D56E56CD948A6618C590231853E56FC20E7557DB61384A4 ] SENS C:\WINDOWS\system32\sens.dll 20:02:00.0890 0x0fa4 SENS - ok 20:02:00.0968 0x0fa4 [ CF24EB4F0412C82BCD1F4F35A025E31D, B74CB094126F5C23F601C34D53B2DF5BE3E5918230AC9DCFCFFA8E66B3A0FA25 ] Serial C:\WINDOWS\system32\drivers\Serial.sys 20:02:01.0203 0x0fa4 Serial - ok 20:02:01.0265 0x0fa4 [ 8E6B8C671615D126FDC553D1E2DE5562, CEEC0067514555D5CA489F50E3D7562FCA8DB8E952C3C878604C9277FC77959F ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys 20:02:01.0515 0x0fa4 Sfloppy - ok 20:02:01.0578 0x0fa4 [ CAD058D5F8B889A87CA3EB3CF624DCEF, A7CDCF44261D1F4D820927253EA8EBB63714B7BAFF8B08DE073507D9A7EEA5BB ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll 20:02:01.0890 0x0fa4 SharedAccess - ok 20:02:01.0968 0x0fa4 [ 2DB7D303C36DDD055215052F118E8E75, 
20:02:23.0203 0x0fa4 AV detected via SS1: Avira Antivirus, 15.0.11.572, enabled, updated
20:02:23.0218 0x0fa4 Win FW state via NFM: enabled
20:02:23.0218 0x0fa4 Scan finished
20:02:23.0234 0x0e4c Detected object count: 2
20:02:23.0234 0x0e4c Actual detected object count: 2
20:02:24.0812 0x0e4c UMWdf ( UnsignedFile.Multi.Generic ) - skipped by user
20:02:24.0812 0x0e4c UMWdf ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:02:24.0828 0x0e4c WmdmPmSN ( UnsignedFile.Multi.Generic ) - skipped by user
20:02:24.0828 0x0e4c WmdmPmSN ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:02:27.0812 0x0d20 Deinitialize success
0x0fa4 Modem - ok 20:01:41.0687 0x0fa4 [ C7D9F9717916B34C1B00DD4834AF485C, A9512A03E8142C83534189963F90ADA6FA425BD606928C40C3D724177105A658 ] Monfilt C:\WINDOWS\system32\drivers\Monfilt.sys 20:01:41.0843 0x0fa4 Monfilt - ok 20:01:41.0875 0x0fa4 [ B24CE8005DEAB254C0251E15CB71D802, 6804A8ABDAD5EC846E7F8077D1EE9BA45D6226ACFF42C70BE3DE7C8980EF9EC4 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys 20:01:42.0093 0x0fa4 Mouclass - ok 20:01:42.0140 0x0fa4 [ 66A6F73C74E1791464160A7065CE711A, 3C570FA1E8EF976B83759220FE95BAC9D7D48D607F91B113EDE4790D34ACBD46 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys 20:01:42.0359 0x0fa4 mouhid - ok 20:01:42.0421 0x0fa4 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD, 2A5E15ED2C24C6C65EF2F7E1FD93374774076C9D8D451E4422561F4D269C012F ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys 20:01:42.0671 0x0fa4 MountMgr - ok 20:01:42.0671 0x0fa4 mraid35x - ok 20:01:42.0703 0x0fa4 [ 11D42BB6206F33FBB3BA0288D3EF81BD, 76ABCFB62C5AC549F58C231F72A99882CDEB74928104B77FE52554765C2B1A22 ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys 20:01:42.0921 0x0fa4 MRxDAV - ok 20:01:43.0000 0x0fa4 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0, DB9B186F7076D7B94F45041AF7B77C1AD2CAB504D683B459C6CB1C22840ED170 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 20:01:43.0125 0x0fa4 MRxSmb - ok 20:01:43.0156 0x0fa4 [ 35A031AF38C55F92D28AA03EE9F12CC9, 97245D204C886EE8DCCC2DEAC80A0E358A7E0C1982F77389DA50DCF091FC9DDC ] MSDTC C:\WINDOWS\system32\msdtc.exe 20:01:43.0359 0x0fa4 MSDTC - ok 20:01:43.0421 0x0fa4 [ C941EA2454BA8350021D774DAF0F1027, C940E978C7B66A713A0FDAB54B5F995DF59D089AFCD96221DD3222948CD49BBD ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys 20:01:43.0656 0x0fa4 Msfs - ok 20:01:43.0656 0x0fa4 MSIServer - ok 20:01:43.0687 0x0fa4 [ D1575E71568F4D9E14CA56B7B0453BF1, 4ABE0E24786C0D39FA2B885447E56204CA6942FB175E534DCE675D7BCF0B176A ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys 20:01:43.0906 0x0fa4 MSKSSRV - ok 20:01:43.0968 0x0fa4 [ 325BB26842FC7CCC1FCCE2C457317F3E, 
C07BE560513B1FB91D756494F0BA4AEEB2E1998DE0E1C21EE83DB1183B0CEE91 ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys 20:01:44.0156 0x0fa4 MSPCLOCK - ok 20:01:44.0187 0x0fa4 [ BAD59648BA099DA4A17680B39730CB3D, 9AD4C7C94C186C8815D0BC75DCAFB962158DA6935A244BA243EDDDEB33F9816C ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys 20:01:44.0406 0x0fa4 MSPQM - ok 20:01:44.0484 0x0fa4 [ AF5F4F3F14A8EA2C26DE30F7A1E17136, AC93A1E4ABB0D038B772E429015567E44CC2EDB66C54DBE23A5F98176FAC1520 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys 20:01:44.0718 0x0fa4 mssmbios - ok 20:01:44.0750 0x0fa4 [ E53736A9E30C45FA9E7B5EAC55056D1D, 38602F280BF69EBA3706AD175AFC1AEB561A8302B4B61E3FECB3C27D7A9BDB41 ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys 20:01:44.0968 0x0fa4 MSTEE - ok 20:01:45.0046 0x0fa4 [ DE6A75F5C270E756C5508D94B6CF68F5, FCC972DDC36C2C44D836913F10004C2C33B11C54DEFFF0C63E0FDF901D2F9261 ] Mup C:\WINDOWS\system32\drivers\Mup.sys 20:01:45.0109 0x0fa4 Mup - ok 20:01:45.0140 0x0fa4 [ 5B50F1B2A2ED47D560577B221DA734DB, C16A554B6E1A7F5F98C94DFA88163E0F7426506BF2F51FD351B1A05FC0DB3BC5 ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 20:01:45.0406 0x0fa4 NABTSFEC - ok 20:01:45.0484 0x0fa4 [ 46BB15AE2AC7D025D6D2567B876817BD, 102A101B96D1078C98FA0F871C801A9A8538E20E5686AB0C7680B2F6C92B3165 ] napagent C:\WINDOWS\System32\qagentrt.dll 20:01:45.0828 0x0fa4 napagent - ok 20:01:45.0859 0x0fa4 [ 1DF7F42665C94B825322FAE71721130D, FE0DCB728471465B39A42A7511F4133021FBA5DF88F88BCB5FE2FF34CFD713F9 ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys 20:01:46.0140 0x0fa4 NDIS - ok 20:01:46.0187 0x0fa4 [ 7FF1F1FD8609C149AA432F95A8163D97, 18CD1FF5AC1EF8A38D1EC53014F2BADD28D9CDF4ECE2EBC2313D08903776F323 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys 20:01:46.0468 0x0fa4 NdisIP - ok 20:01:46.0515 0x0fa4 [ 0109C4F3850DFBAB279542515386AE22, 4F6DB1E499AC853FD36FD603FBB6D3AC9BDCEB298C7FE1FB59A9236CB46729B2 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys 20:01:46.0578 0x0fa4 NdisTapi - ok 20:01:46.0609 0x0fa4 [ 
F927A4434C5028758A842943EF1A3849, B1AA3AF150C05307461774925901789456B0CCCD03A5E71ADA4AB58455962BEE ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys 20:01:46.0812 0x0fa4 Ndisuio - ok 20:01:46.0859 0x0fa4 [ EDC1531A49C80614B2CFDA43CA8659AB, 494042F790F33721328B4451E79842E21919681CC421A4F9633EC4D383E06097 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys 20:01:47.0093 0x0fa4 NdisWan - ok 20:01:47.0140 0x0fa4 [ 2F597BB467E05B1FE3830EABD821B8E0, 141497F5A49D47CCE3C9289644F4BD838DCB238F6D8E847FC006652E21FE02AC ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys 20:01:47.0234 0x0fa4 NDProxy - ok 20:01:47.0281 0x0fa4 [ 5D81CF9A2F1A3A756B66CF684911CDF0, 7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys 20:01:47.0531 0x0fa4 NetBIOS - ok 20:01:47.0593 0x0fa4 [ 74B2B2F5BEA5E9A3DC021D685551BD3D, 7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys 20:01:47.0906 0x0fa4 NetBT - ok 20:01:47.0937 0x0fa4 [ 8ACE4251BFFD09CE75679FE940E996CC, 81969521B5EAEA09ECA63058BE9697BB69AF2596339CA9DF0CFEDC031DCFDC7E ] NetDDE C:\WINDOWS\system32\netdde.exe 20:01:48.0171 0x0fa4 NetDDE - ok 20:01:48.0234 0x0fa4 [ 8ACE4251BFFD09CE75679FE940E996CC, 81969521B5EAEA09ECA63058BE9697BB69AF2596339CA9DF0CFEDC031DCFDC7E ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe 20:01:48.0453 0x0fa4 NetDDEdsdm - ok 20:01:48.0515 0x0fa4 [ AFB8261B56CBA0D86AEB6DF682AF9785, 104D96F1F19DD4CE492064ACC9634406A019EAE20B42D03198E400E661897127 ] Netlogon C:\WINDOWS\system32\lsass.exe 20:01:48.0750 0x0fa4 Netlogon - ok 20:01:48.0828 0x0fa4 [ E6D88F1F6745BF00B57E7855A2AB696C, 12A5EDD853600FF5EBF91E127077745AE1E61E66DBC1D4D4306570F171AF4A39 ] Netman C:\WINDOWS\System32\netman.dll 20:01:49.0093 0x0fa4 Netman - ok 20:01:49.0140 0x0fa4 [ F1B67B6B0751AE0E6E964B02821206A3, 3D5A7593ABDEE2047C5738671C85DC8B95A4ECF58D5D7B04EEE13A689839A540 ] Nla C:\WINDOWS\System32\mswsock.dll 20:01:49.0187 0x0fa4 Nla - ok 20:01:49.0234 
0x0fa4 [ 3182D64AE053D6FB034F44B6DEF8034A, 4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys 20:01:49.0437 0x0fa4 Npfs - ok 20:01:49.0484 0x0fa4 [ 78A08DD6A8D65E697C18E1DB01C5CDCA, E0E6F3ED05068E32F1D5C2D2B38CDEF4536B8656DB6756C66CF6B40B60C8F3DA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys 20:01:49.0765 0x0fa4 Ntfs - ok 20:01:49.0812 0x0fa4 [ AFB8261B56CBA0D86AEB6DF682AF9785, 104D96F1F19DD4CE492064ACC9634406A019EAE20B42D03198E400E661897127 ] NtLmSsp C:\WINDOWS\system32\lsass.exe 20:01:50.0062 0x0fa4 NtLmSsp - ok 20:01:50.0125 0x0fa4 [ 56AF4064996FA5BAC9C449B1514B4770, 154602EFEC22728503D4ABA025DF711B0F2CFC983F5E3BF25F2A4BCD1AE250EC ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll 20:01:50.0375 0x0fa4 NtmsSvc - ok 20:01:50.0437 0x0fa4 [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null C:\WINDOWS\system32\drivers\Null.sys 20:01:50.0640 0x0fa4 Null - ok 20:01:50.0703 0x0fa4 [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 20:01:50.0906 0x0fa4 NwlnkFlt - ok 20:01:50.0921 0x0fa4 [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 20:01:51.0140 0x0fa4 NwlnkFwd - ok 20:01:51.0187 0x0fa4 [ F84785660305B9B903FB3BCA8BA29837, BDBDE61076800415D98759077E9E039C80B55DBE68E31F8BF44A909C6C3D3276 ] Parport C:\WINDOWS\system32\drivers\Parport.sys 20:01:51.0406 0x0fa4 Parport - ok 20:01:51.0468 0x0fa4 [ BEB3BA25197665D82EC7065B724171C6, 7E71C13BA30CD95CEE8A9CC85E6F48A01F30EDEAADEE69D80AE828BF97E5A5CA ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys 20:01:51.0671 0x0fa4 PartMgr - ok 20:01:51.0718 0x0fa4 [ C2BF987829099A3EAA2CA6A0A90ECB4F, 1DF21EA8E43875CFEECD869407429F82FB449707CFB845718499468E699BAAAA ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys 20:01:51.0921 0x0fa4 ParVdm 
- ok 20:01:51.0984 0x0fa4 [ 387E8DEDC343AA2D1EFBC30580273ACD, 5F3E642BDB759777E570ED5B22AC7E93CDCD362708F281657AD7BAB44EDEC802 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys 20:01:52.0234 0x0fa4 PCI - ok 20:01:52.0250 0x0fa4 PCIDump - ok 20:01:52.0296 0x0fa4 [ 59BA86D9A61CBCF4DF8E598C331F5B82, 822D11C5CE77BFD7B2F25350CCBF92B0B9388EEA6D86ED220B768C720976D839 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys 20:01:52.0500 0x0fa4 PCIIde - ok 20:01:52.0578 0x0fa4 [ A2A966B77D61847D61A3051DF87C8C97, 6CED7CA26DC62B0AAFC83A2E07336DAD25954491201BB8E06103971F3F0B8B51 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys 20:01:52.0781 0x0fa4 Pcmcia - ok 20:01:52.0781 0x0fa4 PDCOMP - ok 20:01:52.0796 0x0fa4 PDFRAME - ok 20:01:52.0812 0x0fa4 PDRELI - ok 20:01:52.0812 0x0fa4 PDRFRAME - ok 20:01:52.0828 0x0fa4 perc2 - ok 20:01:52.0843 0x0fa4 perc2hib - ok 20:01:52.0906 0x0fa4 [ A3EDBE9053889FB24AB22492472B39DC, 6F2ED6E04BDE2FCA2A8BF9BD2D1D6923DE6EAECB46F582B6C0BD1CF364D65C9E ] PlugPlay C:\WINDOWS\system32\services.exe 20:01:52.0937 0x0fa4 PlugPlay - ok 20:01:53.0000 0x0fa4 [ 3A2BDD76E7D2A5F40A7174793D1BA794, 029EE2C2F71AEC7906600EEC4F855DC5648C1ECF53F11426079B04591F24D067 ] PnkBstrA C:\WINDOWS\system32\PnkBstrA.exe 20:01:53.0031 0x0fa4 PnkBstrA - ok 20:01:53.0062 0x0fa4 [ AFB8261B56CBA0D86AEB6DF682AF9785, 104D96F1F19DD4CE492064ACC9634406A019EAE20B42D03198E400E661897127 ] PolicyAgent C:\WINDOWS\system32\lsass.exe 20:01:53.0250 0x0fa4 PolicyAgent - ok 20:01:53.0343 0x0fa4 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99, C5F0C8C66A3AF7E7BB04CEDE4AC5306F8387AB384A2107DC5BE413AAE968EFF1 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys 20:01:53.0578 0x0fa4 PptpMiniport - ok 20:01:53.0625 0x0fa4 [ AFB8261B56CBA0D86AEB6DF682AF9785, 104D96F1F19DD4CE492064ACC9634406A019EAE20B42D03198E400E661897127 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe 20:01:53.0812 0x0fa4 ProtectedStorage - ok 20:01:53.0828 0x0fa4 [ 09298EC810B07E5D582CB3A3F9255424, 35473A1BE25AC289474090EB0806AC6B3035DC33D1F3DF97A14BF1E361AC6AC3 
] PSched C:\WINDOWS\system32\DRIVERS\psched.sys 20:01:54.0109 0x0fa4 PSched - ok 20:01:54.0125 0x0fa4 [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys 20:01:54.0359 0x0fa4 Ptilink - ok 20:01:54.0359 0x0fa4 ql1080 - ok 20:01:54.0375 0x0fa4 Ql10wnt - ok 20:01:54.0390 0x0fa4 ql12160 - ok 20:01:54.0390 0x0fa4 ql1240 - ok 20:01:54.0406 0x0fa4 ql1280 - ok 20:01:54.0468 0x0fa4 [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys 20:01:54.0671 0x0fa4 RasAcd - ok 20:01:54.0734 0x0fa4 [ F5BA6CACCDB66C8F048E867563203246, AFEAD8FC02313F7EBC8F9F39E7ED2868852B480BE3902FA7BD0AFD81492AB243 ] RasAuto C:\WINDOWS\System32\rasauto.dll 20:01:54.0968 0x0fa4 RasAuto - ok 20:01:55.0015 0x0fa4 [ 11B4A627BC9614B885C4969BFA5FF8A6, EAE0A412A2B0F68919C32A96B3A08CC1A06585E4998819F5C9051745F63FF5AD ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 20:01:55.0312 0x0fa4 Rasl2tp - ok 20:01:55.0359 0x0fa4 [ F9A7B66EA345726EDB5862A46B1ECCD5, 5D35429D394D36A1692A7E219BA1A85CD8096FEAE0F90BFE036A63118FEDBF57 ] RasMan C:\WINDOWS\System32\rasmans.dll 20:01:55.0593 0x0fa4 RasMan - ok 20:01:55.0640 0x0fa4 [ 5BC962F2654137C9909C3D4603587DEE, A5CE5653D0105240F5E86CFAAB89E7917D42D939E2F27A5A7D6979289CA651B8 ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys 20:01:55.0859 0x0fa4 RasPppoe - ok 20:01:55.0859 0x0fa4 [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys 20:01:56.0109 0x0fa4 Raspti - ok 20:01:56.0140 0x0fa4 [ 7AD224AD1A1437FE28D89CF22B17780A, 6645235CA27D671954E3557FA37082881C3D7D47492C71264CD8CB8D108EC801 ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys 20:01:56.0359 0x0fa4 Rdbss - ok 20:01:56.0406 0x0fa4 [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] RDPCDD 
C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 20:01:56.0609 0x0fa4 RDPCDD - ok 20:01:56.0703 0x0fa4 [ 15CABD0F7C00C47C70124907916AF3F1, 66B5C978B7FB6359AD8BAC9F568FE9D469E358FEAB07B1F129BA9E85F1DF723E ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys 20:01:56.0921 0x0fa4 rdpdr - ok 20:01:57.0015 0x0fa4 [ 43AF5212BD8FB5BA6EED9754358BD8F7, AF330F61CECA4AFA359CEABC5EB3227E6B56A9A2DCE50701381D665122D7356D ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys 20:01:57.0109 0x0fa4 RDPWD - ok 20:01:57.0171 0x0fa4 [ 263AF18AF0F3DB99F574C95F284CCEC9, 2BFA9952E97EFEB386FC56EC2C125080CD12DAC078DBE43C395CB4D9F22165D3 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe 20:01:57.0375 0x0fa4 RDSessMgr - ok 20:01:57.0437 0x0fa4 [ ED761D453856F795A7FE056E42C36365, EF026585B33415D8FCE94A9F27D7A4396C7C35C88E06A4CF0FEA702401E8597A ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys 20:01:57.0687 0x0fa4 redbook - ok 20:01:57.0750 0x0fa4 [ 0E97EC96D6942CEEC2D188CC2EB69A01, D4253B4420BEF19451A55AB91E4834482181A31A31134F6E2AFE05C8E20C81A5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll 20:01:57.0968 0x0fa4 RemoteAccess - ok 20:01:58.0031 0x0fa4 [ E4CD1F3D84E1C2CA0B8CF7501E201593, 649CC0B04F94D407EB6B4C7FDE2C6E4D2B1531307BC67C5775E44D66EF2E4F8A ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll 20:01:58.0281 0x0fa4 RemoteRegistry - ok 20:01:58.0312 0x0fa4 [ 851C30DF2807FCFA21E4C681A7D6440E, C2269B8ED4E831664B83F8F3BE33E5A340206A9E07F89CDF6707EAD8F280FBE9 ] RFCOMM C:\WINDOWS\system32\DRIVERS\rfcomm.sys 20:01:58.0500 0x0fa4 RFCOMM - ok 20:01:58.0593 0x0fa4 [ 2A02E21867497DF20B8FC95631395169, D89E2D17ED4E1C727847C0E92D2DF68AEB70BF0B956BD2FE024ED70A961759D2 ] RpcLocator C:\WINDOWS\system32\locator.exe 20:01:58.0796 0x0fa4 RpcLocator - ok 20:01:58.0890 0x0fa4 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B, ECFBACE3CBF2384948EA1C445BDA3955EB4F44A9874286E6537C67DC1283E5B0 ] RpcSs C:\WINDOWS\system32\rpcss.dll 20:01:58.0937 0x0fa4 RpcSs - ok 20:01:59.0000 0x0fa4 [ 4BDD71B4B521521499DFD14735C4F398, 
7B1498D3C67E56D05B58B7DA319ECB0117C37963AABB0E59B42831C087469DA1 ] RSVP C:\WINDOWS\system32\rsvp.exe 20:01:59.0296 0x0fa4 RSVP - ok 20:01:59.0312 0x0fa4 [ AFB8261B56CBA0D86AEB6DF682AF9785, 104D96F1F19DD4CE492064ACC9634406A019EAE20B42D03198E400E661897127 ] SamSs C:\WINDOWS\system32\lsass.exe 20:01:59.0515 0x0fa4 SamSs - ok 20:01:59.0578 0x0fa4 [ DCEC079FAD95D36C8DD5CB6D779DFE32, F8546552D939A225853A0CE4913701A93738DF02C999D16E141E9A828814BBC6 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe 20:01:59.0781 0x0fa4 SCardSvr - ok 20:01:59.0875 0x0fa4 [ A050194A44D7FA8D7186ED2F4E8367AE, BCDF56D5A2F9E202DC67E7FE4BCC617BCC0BDFF2D221A621020068B17B2855BB ] Schedule C:\WINDOWS\system32\schedsvc.dll 20:02:00.0078 0x0fa4 Schedule - ok 20:02:00.0140 0x0fa4 [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys 20:02:00.0390 0x0fa4 Secdrv - ok 20:02:00.0421 0x0fa4 [ BEE4CFD1D48C23B44CF4B974B0B79B2B, DF3B02D713F8A4602BE75F004074D5DF79AFF2D58FF37110B2A6AC29F680758B ] seclogon C:\WINDOWS\System32\seclogon.dll 20:02:00.0625 0x0fa4 seclogon - ok 20:02:00.0687 0x0fa4 [ 2AAC9B6ED9EDDFFB721D6452E34D67E3, 95D83F054A6610328D56E56CD948A6618C590231853E56FC20E7557DB61384A4 ] SENS C:\WINDOWS\system32\sens.dll 20:02:00.0890 0x0fa4 SENS - ok 20:02:00.0968 0x0fa4 [ CF24EB4F0412C82BCD1F4F35A025E31D, B74CB094126F5C23F601C34D53B2DF5BE3E5918230AC9DCFCFFA8E66B3A0FA25 ] Serial C:\WINDOWS\system32\drivers\Serial.sys 20:02:01.0203 0x0fa4 Serial - ok 20:02:01.0265 0x0fa4 [ 8E6B8C671615D126FDC553D1E2DE5562, CEEC0067514555D5CA489F50E3D7562FCA8DB8E952C3C878604C9277FC77959F ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys 20:02:01.0515 0x0fa4 Sfloppy - ok 20:02:01.0578 0x0fa4 [ CAD058D5F8B889A87CA3EB3CF624DCEF, A7CDCF44261D1F4D820927253EA8EBB63714B7BAFF8B08DE073507D9A7EEA5BB ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll 20:02:01.0890 0x0fa4 SharedAccess - ok 20:02:01.0968 0x0fa4 [ 2DB7D303C36DDD055215052F118E8E75, 
BE6E7BBE12A7A4EDF1F1C2935350603970C7426BBCA7A1A6644BB8999123AF17 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll 20:02:02.0015 0x0fa4 ShellHWDetection - ok 20:02:02.0015 0x0fa4 Simbad - ok 20:02:02.0062 0x0fa4 [ 866D538EBE33709A5C9F5C62B73B7D14, BC94BEB7C17B4FCAC8B5D0D5006A203BC209E0504EECE149651D8691935696CD ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys 20:02:02.0312 0x0fa4 SLIP - ok 20:02:02.0328 0x0fa4 Sparrow - ok 20:02:02.0406 0x0fa4 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F, DD17733CBB370FCA08F0296704D7CBEACA3C8F76D0ABE4761C3B1FFDF7481D9E ] splitter C:\WINDOWS\system32\drivers\splitter.sys 20:02:02.0656 0x0fa4 splitter - ok 20:02:02.0687 0x0fa4 [ 60784F891563FB1B767F70117FC2428F, E0B07F08E60FFBAD36C2E58180F4B2A16DCA47716044CBE0213DF7B74D742F1F ] Spooler C:\WINDOWS\system32\spoolsv.exe 20:02:02.0750 0x0fa4 Spooler - ok 20:02:02.0796 0x0fa4 [ 50FA898F8C032796D3B1B9951BB5A90F, 1C86273EC19EB96D6DB9CE6670C00683B77C99C42CC2F7E75BC50872B93446B1 ] sr C:\WINDOWS\system32\DRIVERS\sr.sys 20:02:03.0015 0x0fa4 sr - ok 20:02:03.0093 0x0fa4 [ FE77A85495065F3AD59C5C65B6C54182, EB4BAF992F961B2FD5D24BFCB6BCB2142BC32933139A818835FEAB190E4283BB ] srservice C:\WINDOWS\system32\srsvc.dll 20:02:03.0312 0x0fa4 srservice - ok 20:02:03.0406 0x0fa4 [ 47DDFC2F003F7F9F0592C6874962A2E7, 17C643BD4EB09B5666FE41817DC785BE04A6E491CE79E8E5A702CDBD98E1BDD7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys 20:02:03.0531 0x0fa4 Srv - ok 20:02:03.0578 0x0fa4 [ 4DF5B05DFAEC29E13E1ED6F6EE12C500, 2971D7D45D6942D310D47DBD19B9680D2D29527E79B86133C72217FD29259465 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll 20:02:03.0781 0x0fa4 SSDPSRV - ok 20:02:03.0859 0x0fa4 [ 424566865D82AA4BD8D6546C1F2065FA, 37B4C04C7C0EE0F3347A9E9F35B095478299F7324CA87AAE487BF989B0E6AE03 ] ssmdrv C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 20:02:03.0890 0x0fa4 ssmdrv - ok 20:02:03.0953 0x0fa4 [ BC2C5985611C5356B24AEB370953DED9, 15CBAB8166827DC098E2B16AB6F49A1441A4CB52AF3588F0AD964CAB596DFE10 ] stisvc C:\WINDOWS\system32\wiaservc.dll 20:02:04.0250 0x0fa4 
stisvc - ok 20:02:04.0312 0x0fa4 [ 77813007BA6265C4B6098187E6ED79D2, 93939120E803C46FBFD577C8FC2E6C7E71C0460E01D25CB29579490640AB50C7 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys 20:02:04.0593 0x0fa4 streamip - ok 20:02:04.0640 0x0fa4 [ 3941D127AEF12E93ADDF6FE6EE027E0F, EA1F0E32E1C5E90FA4AAC421DEBBE086512340758D3217A6334E886BCE638B51 ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys 20:02:04.0875 0x0fa4 swenum - ok 20:02:04.0953 0x0fa4 [ 8CE882BCC6CF8A62F2B2323D95CB3D01, B408550A581F3DA222355964AFA4E976AD8471F0AA37573C42C4948AE5A23A3B ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys 20:02:05.0218 0x0fa4 swmidi - ok 20:02:05.0234 0x0fa4 SwPrv - ok 20:02:05.0250 0x0fa4 symc810 - ok 20:02:05.0250 0x0fa4 symc8xx - ok 20:02:05.0265 0x0fa4 sym_hi - ok 20:02:05.0281 0x0fa4 sym_u3 - ok 20:02:05.0328 0x0fa4 [ 8B83F3ED0F1688B4958F77CD6D2BF290, 546D3602183702B4F53E84413CFA2C933D64C8540378E54A8DCD148F3F36A2DA ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys 20:02:05.0578 0x0fa4 sysaudio - ok 20:02:05.0625 0x0fa4 [ 2903FFFA2523926D6219428040DCE6B9, 4F13181931B0499F6C3F08138054DBCD1F84CB9806999A9172B80DE79D446F62 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe 20:02:05.0828 0x0fa4 SysmonLog - ok 20:02:05.0921 0x0fa4 [ 05903CAC4B98908D55EA5774775B382E, AC3666CBD894D737874A5998DC7F46A0A51A7B23B1835FC735B9AD503A2191CC ] TapiSrv C:\WINDOWS\System32\tapisrv.dll 20:02:06.0156 0x0fa4 TapiSrv - ok 20:02:06.0203 0x0fa4 [ 9AEFA14BD6B182D61E3119FA5F436D3D, EA29E49434585409272E7901AF89771FE9D6E911A7DC44AB3C7020CFF8A44552 ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys 20:02:06.0281 0x0fa4 Tcpip - ok 20:02:06.0328 0x0fa4 [ 6471A66807F5E104E4885F5B67349397, F35CBFFB8BB235CCE30EF94A5273333900DD49FD506BF9D55D99A320B8A53A5A ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys 20:02:06.0593 0x0fa4 TDPIPE - ok 20:02:06.0625 0x0fa4 [ C56B6D0402371CF3700EB322EF3AAF61, 7743FA4C734BCE38EFB1CA69BC17364D8421E2CD172F856F7E38E7AE1EE93F2F ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys 20:02:06.0828 0x0fa4 
20:02:08.0531 0x0fa4 [ 1977313E362C8732C1AF4D1BCB9C06B7, C87AD4D2ECBA736C2B2FA55983C543FF5EB19BBBDF689462884CD7819217458F ] UMWdf C:\WINDOWS\system32\wdfmgr.exe
20:02:08.0562 0x0fa4 UMWdf - detected UnsignedFile.Multi.Generic ( 1 )
20:02:08.0734 0x0fa4 UMWdf ( UnsignedFile.Multi.Generic ) - warning
20:02:13.0484 0x0fa4 [ 5FDCCC838CD95F61097D8A637F842AA8, 9EB9E7BEFFF061E1BABABB13C6C9194E835E53F2D550F5C666F5A4B2FAC2B6D5 ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll
20:02:13.0500 0x0fa4 WmdmPmSN - detected UnsignedFile.Multi.Generic ( 1 )
20:02:13.0500 0x0fa4 WmdmPmSN ( UnsignedFile.Multi.Generic ) - warning
20:02:16.0343 0x0fa4 ================ Scan global ===============================
20:02:16.0546 0x0fa4 [ Global ] - ok
20:02:16.0546 0x0fa4 ================ Scan MBR ==================================
20:02:16.0843 0x0fa4 \Device\Harddisk0\DR0 - ok
20:02:16.0843 0x0fa4 ================ Scan VBR ==================================
20:02:16.0843 0x0fa4 \Device\Harddisk0\DR0\Partition1 - ok
20:02:16.0843 0x0fa4 ================ Scan generic autorun ======================
20:02:20.0359 0x0fa4 RTHDCPL - ok
20:02:20.0437 0x0fa4 BluetoothAuthenticationAgent - ok
20:02:20.0640 0x0fa4 avgnt - ok
20:02:20.0718 0x0fa4 IgfxTray - ok
20:02:20.0796 0x0fa4 HotKeysCmds - ok
20:02:20.0875 0x0fa4 Persistence - ok
20:02:20.0890 0x0fa4 KernelFaultCheck - ok
20:02:21.0093 0x0fa4 XboxStat - ok
20:02:21.0421 0x0fa4 CTFMON.EXE - ok
20:02:21.0687 0x0fa4 CTFMON.EXE - ok
20:02:21.0953 0x0fa4 CTFMON.EXE - ok
20:02:22.0203 0x0fa4 CTFMON.EXE - ok
20:02:23.0015 0x0fa4 DAEMON Tools Lite Automount - ok
20:02:23.0125 0x0fa4 Akamai NetSession Interface - ok
20:02:23.0203 0x0fa4 AV detected via SS1: Avira Antivirus, 15.0.11.572, enabled, updated
20:02:23.0218 0x0fa4 Win FW state via NFM: enabled
20:02:23.0218 0x0fa4 ============================================================
20:02:23.0218 0x0fa4 Scan finished
20:02:23.0218 0x0fa4 ============================================================
20:02:23.0234 0x0e4c Detected object count: 2
20:02:23.0234 0x0e4c Actual detected object count: 2
20:02:24.0812 0x0e4c UMWdf ( UnsignedFile.Multi.Generic ) - skipped by user
20:02:24.0812 0x0e4c UMWdf ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:02:24.0828 0x0e4c WmdmPmSN ( UnsignedFile.Multi.Generic ) - skipped by user
20:02:24.0828 0x0e4c WmdmPmSN ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:02:27.0812 0x0d20 Deinitialize success |
18.06.2015, 17:13 | #7 |
/// the machine /// TB-Ausbilder | How it works: posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
Scan with Combofix
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
18.06.2015, 19:48 | #8 |
| Combofix Logfile: Code:
ATTFilter ComboFix 15-06-18.01 - Administrator 18.06.2015 19:46:14.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.1012.527 [GMT 2:00] ausgeführt von:: c:\dokumente und einstellungen\Administrator\Desktop\ComboFix.exe AV: Avira Antivirus *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7} . Achtung - Auf diesem PC ist keine Wiederherstellungskonsole installiert !! . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\dokumente und einstellungen\Administrator\WINDOWS c:\windows\IsUn0407.exe . . ((((((((((((((((((((((( Dateien erstellt von 2015-05-18 bis 2015-06-18 )))))))))))))))))))))))))))))) . . 2015-06-18 11:24 . 2015-06-18 11:24 -------- d-----w- c:\programme\Brutal Chess 2015-06-17 20:43 . 2015-06-17 20:43 -------- d-----w- C:\TDSSKiller_Quarantine 2015-06-17 20:42 . 2015-06-17 20:42 -------- d-----w- c:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\PunkBuster 2015-06-17 20:42 . 2015-06-17 20:42 -------- d-----w- c:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Electronic_Arts_Inc 2015-06-17 20:41 . 2015-06-17 20:41 -------- d--h--w- c:\windows\PIF 2015-06-17 20:36 . 2015-06-17 20:36 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Ashampoo 2015-06-16 15:39 . 2015-06-16 15:39 -------- d-----w- c:\windows\system32\wbem\Repository 2015-06-16 11:53 . 2015-06-16 13:22 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes' Anti-Malware (portable) 2015-06-15 18:51 . 2015-06-17 20:42 -------- d-----w- C:\FRST 2015-06-12 17:33 . 2015-06-12 17:33 137176 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys 2015-06-12 17:33 . 2015-06-12 17:33 268952 ----a-w- c:\windows\system32\PnkBstrB.exe 2015-06-12 17:33 . 2015-06-12 17:33 268952 ----a-w- c:\windows\system32\PnkBstrB.xtr 2015-06-12 17:33 . 
2015-06-12 17:33 75136 ----a-w- c:\windows\system32\PnkBstrA.exe 2015-06-10 17:26 . 2015-06-12 17:33 -------- d-----w- c:\windows\system32\Logfiles 2015-06-07 17:28 . 1998-07-30 10:51 305152 ----a-w- c:\windows\IsUninst.exe 2015-06-04 19:19 . 2008-03-21 11:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll 2015-06-04 19:19 . 2009-09-09 16:24 62424 ----a-w- c:\windows\system32\drivers\xusb21.sys 2015-06-04 19:19 . 2009-08-13 20:40 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll 2015-06-04 19:18 . 2015-06-17 20:41 -------- d-----w- c:\programme\Microsoft Xbox 360 Accessories 2015-06-04 17:55 . 2015-06-04 17:55 -------- d-----w- C:\WESTWOOD 2015-05-31 20:14 . 2008-02-15 10:49 192512 ----a-w- c:\windows\system32\igfxres.dll 2015-05-31 17:16 . 2015-05-31 17:16 25016 ----a-w- c:\windows\system32\drivers\dtlitescsibus.sys 2015-05-30 18:02 . 2015-06-17 20:38 -------- d-----w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\DAEMON Tools Lite 2015-05-30 18:02 . 2015-06-17 20:38 -------- d-----w- c:\programme\DAEMON Tools Lite 2015-05-30 18:01 . 2015-05-30 18:01 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite 2015-05-30 17:47 . 2015-05-30 17:47 -------- d-----w- c:\programme\Microsoft.NET . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2015-06-09 08:56 . 2015-05-04 15:15 136728 ----a-w- c:\windows\system32\drivers\avipbb.sys 2015-06-09 08:56 . 2015-05-04 15:15 108448 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2015-05-05 10:46 . 2015-05-04 15:15 37896 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2015-04-01 19:26 . 2015-03-23 19:42 778928 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2015-04-01 19:26 . 2015-03-23 19:42 142512 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . 
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools Lite Automount"="c:\programme\DAEMON Tools Lite\DTAgent.exe" [2015-05-21 3579120] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDCPL"="RTHDCPL.EXE" [2009-12-22 18789920] "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592] "avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2015-06-09 730416] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072] "XboxStat"="c:\programme\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 718688] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\WINDOWS\\system32\\sessmgr.exe"= "%windir%\\system32\\sessmgr.exe"= . R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [04.05.2015 17:15 37896] R2 AntiVirSchedulerService;Avira Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [04.05.2015 17:15 450808] R3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service;c:\programme\DAEMON Tools Lite\DiscSoftBusService.exe [21.05.2015 07:48 1026288] R3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus;c:\windows\system32\drivers\dtlitescsibus.sys [31.05.2015 19:16 25016] S2 AntiVirMailService;Avira Email-Schutz;c:\programme\Avira\AntiVir Desktop\avmailc.exe [04.05.2015 19:31 825136] S2 AntiVirWebService;Avira Browser-Schutz;c:\programme\Avira\AntiVir Desktop\avwebgrd.exe [04.05.2015 17:15 1187336] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [04.10.2014 19:56 1691480] . 
Inhalt des "geplante Tasks" Ordners . 2015-06-18 c:\windows\Tasks\Ende des Supports für Microsoft Windows XP – Benachrichtigung – Anmeldung.job - c:\windows\system32\xp_eos.exe [2015-05-04 23:28] . 2015-06-08 c:\windows\Tasks\Ende des Supports für Microsoft Windows XP – Monatliche Benachrichtigung.job - c:\windows\system32\xp_eos.exe [2015-05-04 23:28] . . ------- Zusätzlicher Suchlauf ------- . uInternet Settings,ProxyOverride = <local> . - - - - Entfernte verwaiste Registrierungseinträge - - - - . HKCU-Run-Akamai NetSession Interface - c:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Akamai\netsession_win.exe SafeBoot-44211017.sys . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2015-06-18 19:52 Windows 5.1.2600 Service Pack 3 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'winlogon.exe'(488) c:\windows\system32\igfxdev.dll . Zeit der Fertigstellung: 2015-06-18 19:54:04 ComboFix-quarantined-files.txt 2015-06-18 17:54 . Vor Suchlauf: 9 Verzeichnis(se), 34.824.708.096 Bytes frei Nach Suchlauf: 10 Verzeichnis(se), 34.787.528.704 Bytes frei . - - End Of File - - 8790954396FA444CBCDD1AF8D83BF832 72B8CE41AF0DE751C946802B3ED844B4
During the first scan new folders were also created: QooBox, and inside it a Quarantine folder that now contains files. Here is the ComboFix file with internet connection: Combofix Logfile: Code:
ATTFilter ComboFix 15-06-18.01 - Administrator 18.06.2015 20:19:36.2.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.1012.515 [GMT 2:00] ausgeführt von:: c:\dokumente und einstellungen\Administrator\Desktop\ComboFix.exe AV: Avira Antivirus *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7} . . ((((((((((((((((((((((( Dateien erstellt von 2015-05-18 bis 2015-06-18 )))))))))))))))))))))))))))))) . . 2015-06-18 11:24 . 2015-06-18 11:24 -------- d-----w- c:\programme\Brutal Chess 2015-06-17 20:43 . 2015-06-17 20:43 -------- d-----w- C:\TDSSKiller_Quarantine 2015-06-17 20:42 . 2015-06-17 20:42 -------- d-----w- c:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\PunkBuster 2015-06-17 20:42 . 2015-06-17 20:42 -------- d-----w- c:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Electronic_Arts_Inc 2015-06-17 20:41 . 2015-06-17 20:41 -------- d--h--w- c:\windows\PIF 2015-06-17 20:36 . 2015-06-17 20:36 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Ashampoo 2015-06-16 15:39 . 2015-06-16 15:39 -------- d-----w- c:\windows\system32\wbem\Repository 2015-06-16 11:53 . 2015-06-16 13:22 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes' Anti-Malware (portable) 2015-06-15 18:51 . 2015-06-17 20:42 -------- d-----w- C:\FRST 2015-06-12 17:33 . 2015-06-12 17:33 137176 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys 2015-06-12 17:33 . 2015-06-12 17:33 268952 ----a-w- c:\windows\system32\PnkBstrB.exe 2015-06-12 17:33 . 2015-06-12 17:33 268952 ----a-w- c:\windows\system32\PnkBstrB.xtr 2015-06-12 17:33 . 2015-06-12 17:33 75136 ----a-w- c:\windows\system32\PnkBstrA.exe 2015-06-10 17:26 . 2015-06-12 17:33 -------- d-----w- c:\windows\system32\Logfiles 2015-06-07 17:28 . 1998-07-30 10:51 305152 ----a-w- c:\windows\IsUninst.exe 2015-06-04 19:19 . 2008-03-21 11:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll 2015-06-04 19:19 . 
2009-09-09 16:24 62424 ----a-w- c:\windows\system32\drivers\xusb21.sys 2015-06-04 19:19 . 2009-08-13 20:40 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll 2015-06-04 19:18 . 2015-06-17 20:41 -------- d-----w- c:\programme\Microsoft Xbox 360 Accessories 2015-06-04 17:55 . 2015-06-04 17:55 -------- d-----w- C:\WESTWOOD 2015-05-31 20:14 . 2008-02-15 10:49 192512 ----a-w- c:\windows\system32\igfxres.dll 2015-05-31 17:16 . 2015-05-31 17:16 25016 ----a-w- c:\windows\system32\drivers\dtlitescsibus.sys 2015-05-30 18:02 . 2015-06-17 20:38 -------- d-----w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\DAEMON Tools Lite 2015-05-30 18:02 . 2015-06-17 20:38 -------- d-----w- c:\programme\DAEMON Tools Lite 2015-05-30 18:01 . 2015-05-30 18:01 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite 2015-05-30 17:47 . 2015-05-30 17:47 -------- d-----w- c:\programme\Microsoft.NET . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2015-06-09 08:56 . 2015-05-04 15:15 136728 ----a-w- c:\windows\system32\drivers\avipbb.sys 2015-06-09 08:56 . 2015-05-04 15:15 108448 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2015-05-05 10:46 . 2015-05-04 15:15 37896 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2015-04-01 19:26 . 2015-03-23 19:42 778928 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2015-04-01 19:26 . 2015-03-23 19:42 142512 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools Lite Automount"="c:\programme\DAEMON Tools Lite\DTAgent.exe" [2015-05-21 3579120] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDCPL"="RTHDCPL.EXE" [2009-12-22 18789920] "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592] "avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2015-06-09 730416] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072] "XboxStat"="c:\programme\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 718688] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\WINDOWS\\system32\\sessmgr.exe"= "%windir%\\system32\\sessmgr.exe"= . R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [04.05.2015 17:15 37896] R2 AntiVirSchedulerService;Avira Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [04.05.2015 17:15 450808] R3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service;c:\programme\DAEMON Tools Lite\DiscSoftBusService.exe [21.05.2015 07:48 1026288] R3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus;c:\windows\system32\drivers\dtlitescsibus.sys [31.05.2015 19:16 25016] S2 AntiVirMailService;Avira Email-Schutz;c:\programme\Avira\AntiVir Desktop\avmailc.exe [04.05.2015 19:31 825136] S2 AntiVirWebService;Avira Browser-Schutz;c:\programme\Avira\AntiVir Desktop\avwebgrd.exe [04.05.2015 17:15 1187336] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [04.10.2014 19:56 1691480] . Inhalt des "geplante Tasks" Ordners . 2015-06-18 c:\windows\Tasks\Ende des Supports für Microsoft Windows XP – Benachrichtigung – Anmeldung.job - c:\windows\system32\xp_eos.exe [2015-05-04 23:28] . 
2015-06-08 c:\windows\Tasks\Ende des Supports für Microsoft Windows XP – Monatliche Benachrichtigung.job - c:\windows\system32\xp_eos.exe [2015-05-04 23:28] . . ------- Zusätzlicher Suchlauf ------- . uInternet Settings,ProxyOverride = <local> TCP: DhcpNameServer = 192.168.0.1 . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2015-06-18 20:25 Windows 5.1.2600 Service Pack 3 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'winlogon.exe'(488) c:\windows\system32\igfxdev.dll . Zeit der Fertigstellung: 2015-06-18 20:26:58 ComboFix-quarantined-files.txt 2015-06-18 18:26 ComboFix2.txt 2015-06-18 17:54 . Vor Suchlauf: 9 Verzeichnis(se), 34.777.812.992 Bytes frei Nach Suchlauf: 10 Verzeichnis(se), 34.768.285.696 Bytes frei . WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect . - - End Of File - - E36EE6E8115B6AA1DC94070FD1E6750B 72B8CE41AF0DE751C946802B3ED844B4
Schrauber, one of the QooBox folders also contains the file IsUn0407.exe.vir. Can you please tell me now what was actually going on on the system, what kind of viruses they are or were, and whether the system is clean again now? It must have been quite a lot, and professional, if AntiVir could not detect them itself. I consider it possible that someone deliberately spied on the system with the malware; how far is what remains my question?! I would be glad to get an answer. Regards and a big thank-you to you, Schrauber. Here are the ComboFix quarantine files as well: Code:
ATTFilter 2015-06-18 17:53:22 . 2015-06-18 17:53:22 558 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-44211017.sys.reg.dat 2015-06-18 17:53:04 . 2015-06-18 17:53:04 230 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-Akamai NetSession Interface.reg.dat 2015-06-18 17:49:55 . 2015-06-18 18:23:00 7,338 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg 2015-06-18 17:46:13 . 2015-06-18 18:19:34 512 ----a-w- C:\Qoobox\Quarantine\MBR_HardDisk0.mbr 2015-06-18 17:44:01 . 2015-06-18 18:16:38 102 ----a-w- C:\Qoobox\Quarantine\catchme.log 2015-05-05 20:27:48 . 1998-11-17 11:44:44 328,704 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\IsUn0407.exe.vir |
19.06.2015, 16:00 | #9 |
/// the machine /// TB-Ausbilder | Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please shut down your protection software to avoid possible conflicts.
and a fresh FRST log, please.
__________________ Regards, schrauber |
19.06.2015, 17:35 | #10 |
| Plötzliches Herrunterfahren/Andere benutzer noch angemeldet/USB hat mehr Leistung Hallo Schrauber . Ich habe alle 3 von dir genannten Scans durchgeführt und poste dir jetzt dazu die Logfiles . Malwarebytes Anti-Malware Logfile : Malwarebytes Anti-Malware Malwarebytes | Free Anti-Malware & Internet Security Software Suchlauf Datum: 19.06.2015 Suchlauf-Zeit: 17:45:55 Logdatei: mbam.txt Administrator: Ja Version: 2.01.6.1022 Malware Datenbank: v2015.06.19.03 Rootkit Datenbank: v2015.06.15.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows XP Service Pack 3 CPU: x86 Dateisystem: NTFS Benutzer: Administrator Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 299909 Verstrichene Zeit: 20 Min, 21 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente gefunden) Module: 0 (Keine schädliche Elemente gefunden) Registrierungsschlüssel: 0 (Keine schädliche Elemente gefunden) Registrierungswerte: 0 (Keine schädliche Elemente gefunden) Registrierungsdaten: 0 (Keine schädliche Elemente gefunden) Ordner: 0 (Keine schädliche Elemente gefunden) Dateien: 0 (Keine schädliche Elemente gefunden) Physische Sektoren: 0 (Keine schädliche Elemente gefunden) (end) Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 19.06.2015 Suchlauf-Zeit: 17:45:55 Logdatei: mbam.txt Administrator: Ja Version: 2.01.6.1022 Malware Datenbank: v2015.06.19.03 Rootkit Datenbank: v2015.06.15.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows XP Service Pack 3 CPU: x86 Dateisystem: NTFS Benutzer: Administrator Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 299909 Verstrichene Zeit: 20 Min, 21 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente gefunden) Module: 0 (Keine schädliche Elemente gefunden) Registrierungsschlüssel: 0 (Keine schädliche Elemente gefunden) Registrierungswerte: 0 (Keine schädliche Elemente gefunden) Registrierungsdaten: 0 (Keine schädliche Elemente gefunden) Ordner: 0 (Keine schädliche Elemente gefunden) Dateien: 0 (Keine schädliche Elemente gefunden) Physische Sektoren: 0 (Keine schädliche Elemente gefunden) (end) Code:
ATTFilter # AdwCleaner v4.206 - Logfile created 19/06/2015 at 18:14:29 # Updated 01/06/2015 by Xplode # Database : 2015-06-17.1 [Server] # Operating system : Microsoft Windows XP Service Pack 3 (x86) # Username : Administrator - ASPIRE # Running from : C:\Dokumente und Einstellungen\Administrator\Desktop\AdwCleaner_4.206.exe # Option : Cleaning ***** [ Services ] ***** ***** [ Files / Folders ] ***** ***** [ Scheduled tasks ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKCU\Software\OCS Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local> ***** [ Web browsers ] ***** -\\ Internet Explorer v6.0.2900.5512 -\\ Mozilla Firefox v ************************* AdwCleaner[R2].txt - [909 bytes] - [19/06/2015 18:08:26] AdwCleaner[R3].txt - [967 bytes] - [19/06/2015 18:12:49] AdwCleaner[S1].txt - [897 bytes] - [19/06/2015 18:14:29] ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [955 bytes] ########## AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v4.206 - Logfile created 19/06/2015 at 18:14:29 # Updated 01/06/2015 by Xplode # Database : 2015-06-17.1 [Server] # Operating system : Microsoft Windows XP Service Pack 3 (x86) # Username : Administrator - ASPIRE # Running from : C:\Dokumente und Einstellungen\Administrator\Desktop\AdwCleaner_4.206.exe # Option : Cleaning ***** [ Services ] ***** ***** [ Files / Folders ] ***** ***** [ Scheduled tasks ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKCU\Software\OCS Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local> ***** [ Web browsers ] ***** -\\ Internet Explorer v6.0.2900.5512 -\\ Mozilla Firefox v ************************* AdwCleaner[R2].txt - [909 bytes] - [19/06/2015 18:08:26] AdwCleaner[R3].txt - [967 bytes] - [19/06/2015 18:12:49] AdwCleaner[S1].txt - [897 bytes] - [19/06/2015 18:14:29] ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [955 bytes] ########## JRT Logfile PS : "Warum manche Logfiles doppelt postet kann ich nicht sagen nicht meine Absicht "JRT Logfile: JRT Logfile: Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 7.0.2 (06.18.2015:1)
OS: Microsoft Windows XP x86
Ran by Administrator on 19.06.2015 at 18:18:48,26
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Tasks

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 19.06.2015 at 18:23:21,75
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Schrauber, can you now tell me which trojan the system is or was infected with? And above all, what function the trojan had? And what should I do with the files in the QooBox quarantine? I hope you can tell me something detailed about all of this, and above all whether the system is now clean. Kind regards |
20.06.2015, 11:58 | #11 |
/// the machine /// TB trainer | Sudden shutdown / other users still logged on / USB has more performance
That was mostly adware, but we will still run control scans.
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any remaining problems?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |